
Re: LDAP Design Advice



On Tue, May 01, 2001 at 11:45:28AM -0400, Andrew Crum wrote:
> I specifically want these features:
> -SSL support. All communication with the LDAP server must be secure. I can't
> have passwords flying around in plain-text.

Stunnel.  It is another package that you install on the server that answers in
SSL, then connects back to plain localhost port.

For Perl scripts, Net::LDAP also supports SSL no sweat!

> -Users on unix/linux authenticate from the ldap directory instead of through
> NIS as we are doing now.

PAM.

Failing that, you use password hashes compatible with your Unix system, and
script something up such that a special account can be bind()ed from the Unix
client to build passwd maps with.  My interim ambition is to run NIS against
LDAP and then wean ourselves off of NIS.

> -Users on Windows 2000 authenticate from the ldap directory. (Samba
> integration)

See other port.

> -Users on MacOS 9 and X authenticate from the ldap directory. (netatalk for
> os9 integration).

OS 9?  What are you hoping to authenticate?  I know OS X can work against
LDAP.

-danny

-- 
http://dannyman.toldme.com/
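
Added example, not part of the original message: a sketch of the stunnel arrangement described above, written in stunnel's configuration-file format. The file paths, the section name and the choice of ports 636 and 389 are assumptions. The wrapper only protects anything if the directory server's plaintext listener is bound to loopback, so that requirement is noted in the comments.

```ini
; /etc/stunnel/ldaps.conf (assumed path)
; Certificate and private key presented to LDAP clients (assumed paths).
cert = /etc/stunnel/ldap-server.pem
key  = /etc/stunnel/ldap-server.key

[ldaps]
; Clients connect here over SSL/TLS (636 is the conventional ldaps port).
accept  = 0.0.0.0:636
; stunnel decrypts and forwards to the plaintext LDAP port on the same host.
connect = 127.0.0.1:389

; The directory server itself must listen on loopback only, otherwise
; port 389 stays reachable from the network and binds can still cross
; the wire in the clear. With OpenLDAP's slapd that is:
;   slapd -h "ldap://127.0.0.1:389/"
; A firewall rule dropping inbound 389 gives a second layer.
```

With this layout the directory server sees every connection as coming from 127.0.0.1, so any access control based on client address has to be enforced in front of stunnel rather than in the directory server.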