enteprise account management
lee at wildcardinternet.co.uk
Sat Jun 14 10:25:33 PDT 2003
I looked into the LDAP solution a while back... Basically you'll be fine using LDAP if the applications can query an LDAP directory directly, or via PAM using PADLs pam_ldap module.
The problem comes when you need system accounts stored in an LDAP directory, as far as I know (or at least this was the case a few months ago) the nss_ldap module won't work with with FreeBSD Nameserver switch preventing alternative methods of storing system account details. Mind, someone did mention this was possible by recompiling the C library to use BIND IRS.
Another solution maybe to use PADLs commercial NIS/LDAP gateway, so you have a replacement for an NIS server which queries an LDAP directory - http://www.padl.com/
Hope this helps,
> -----Original Message-----
> What`s about using OpenLDAP ?
> With OpenLDAP you can:
> * store your user-accounts in a centralized
> (replication is also possible)
> * define your own attributes
> (usernames, passwords, adresses, mail-aliases,
> * program your own management-interfaces in many
> Many applications are able to use
> LDAP-directories for authentification and
> configuration - but there is also the possibility
> to use the pam-ldap-module
> to import the ldap-users as regular
> There are also some gui- and web-based
> management-tools available.....
> (If you like this - look at freshmeat.net)
> Marc Schoechlin
More information about the freebsd-isp