enterprise account management

Lee Johnston lee at wildcardinternet.co.uk
Sat Jun 14 10:25:33 PDT 2003


I looked into the LDAP solution a while back... Basically you'll be fine using LDAP if the applications can query an LDAP directory directly, or via PAM using PADL's pam_ldap module.

The problem comes when you need system accounts stored in an LDAP directory. As far as I know (or at least this was the case a few months ago), the nss_ldap module won't work with the FreeBSD Nameserver switch, preventing alternative methods of storing system account details. Mind, someone did mention this was possible by recompiling the C library to use BIND IRS.

Another solution may be to use PADL's commercial NIS/LDAP gateway, so you have a replacement for an NIS server which queries an LDAP directory - http://www.padl.com/

Hope this helps,
Lee.



> -----Original Message-----

> What about using OpenLDAP?
> 
> http://www.openldap.org/
> 
> With OpenLDAP you can:
> 
> * store your user-accounts in a centralized database
>   (replication is also possible)
> * define your own attributes
>   (usernames, passwords, addresses, mail-aliases, customer-data,
>    user-rights,....)
> * program your own management-interfaces in many
>   programming-languages
> ....
> 
> Many applications are able to use LDAP-directories for authentication and
> configuration - but there is also the possibility to use the pam-ldap-module
> to import the ldap-users as regular system-users.
> 
> There are also some gui- and web-based management-tools available.....
> (If you like this - look at freshmeat.net)
> 
> Regards
> 
> Marc Schoechlin


More information about the freebsd-isp mailing list