[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP Design Advice
On Tue, May 01, 2001 at 11:45:28AM -0400, Andrew Crum wrote:
> I specifically want these features:
> -SSL support. All communication with the LDAP server must be secure. I can't
> have password flying around in plain-text.
Stunnel. It is another package that you install on the server that answers in
SSL, then connectsback to plain localhost port.
For Perl scripts, Net::LDAP also supports SSL no sweat!
> -Users on unix/linux authenticate from the ldap directory instead of though
> NIS as we are doing now.
PAM.
Failing that, you use password hashes compatible with your Unix system, and
script something up such that a special account can be bind()ed from the Unix
client to build passwd maps with. My interim ambition is to run NIS against
LDAP and then wean ourselves off of NIS.
> -Users on Windows 2000 authenticate from the ldap directory. (Samba
> intergration)
See other port.
> -Users on MacOS 9 and X authenticate from the ldap directory. (netatalk for
> os9 intergration).
OS 9? What are you hoping to authenticate? I know OS X can work against
LDAP.
-danny
--
http://dannyman.toldme.com/