[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Design Advice

To: Andrew Crum <acrum@oculustech.com>
Subject: Re: LDAP Design Advice
From: dannyman <dannyman@toldme.com>
Date: Mon, 14 May 2001 19:29:51 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <001301c0d255$bf4f43f0$7500a8c0@zamorano>; from acrum@oculustech.com on Tue, May 01, 2001 at 11:45:28AM -0400
References: <001301c0d255$bf4f43f0$7500a8c0@zamorano>

On Tue, May 01, 2001 at 11:45:28AM -0400, Andrew Crum wrote:
> I specifically want these features:
> -SSL support. All communication with the LDAP server must be secure. I can't
> have password flying around in plain-text.

Stunnel.  It is another package that you install on the server that answers in
SSL, then connectsback to plain localhost port.

For Perl scripts, Net::LDAP also supports SSL no sweat!

> -Users on unix/linux authenticate from the ldap directory instead of though
> NIS as we are doing now.

PAM.

Failing that, you use password hashes compatible with your Unix system, and
script something up such that a special account can be bind()ed from the Unix
client to build passwd maps with.  My interim ambition is to run NIS against
LDAP and then wean ourselves off of NIS.

> -Users on Windows 2000 authenticate from the ldap directory. (Samba
> intergration)

See other port.

> -Users on MacOS 9 and X authenticate from the ldap directory. (netatalk for
> os9 intergration).

OS 9?  What are you hoping to authenticate?  I know OS X can work against
LDAP.

-danny

-- 
http://dannyman.toldme.com/

References:
- LDAP Design Advice
  - From: "Andrew Crum" <acrum@oculustech.com>

Prev by Date: Re: AW: Replication between different Versions of server
Next by Date: sasl under win32
Index(es):
- Chronological
- Thread