Re: Newbie planning for the future
Alex Moen wrote:

> I have been researching and reading a lot of material for quite a
> while about schema design and planning, and haven't found much
> pertaining to what I want to do.
>
> We have 50+ servers, serving thousands of customers. I want to
> migrate those servers to LDAP authentication and authorization, but
> have not found the proper design for multiple servers and duplicated
> users. Most references just do the basic "example.com" example and
> never expand on it from there. Ultimately, I would like to allow my
> admins to have a single account across multiple servers (kind of
> "authorization account merging"), but still allow the schema to be
> "separate" enough that duplicated usernames on different machines,
> corresponding to different people, still exist.
>
> Are there any really good references out there that do step-by-step
> walk-throughs of the type of schema designing that I am thinking of?
> Or is it impossible? Or am I just really making too much of this? :)
You shouldn't be concerned about schema design; there are already lots of
schemas for almost everything on the net, unless you have some very
specific need.

When you integrate a server with an LDAP database for authentication -
say with nss_ldap, for example - you "add" those LDAP accounts to the
server. So you still get your local accounts for each server, plus
you have the "global" LDAP accounts too. If you want to migrate those
customers' local accounts to the LDAP database for centralized
management, you'll have to deal with dups.

My knowledge of LDAP is very simple and basic, but perhaps someone has
a better idea on how to segment your LDAP tree to deal with dups. For
the admin accounts, no big deal: you erase them from /etc/passwd on each
server and re-create them once in LDAP.
Best regards,
--
Marcio Merlone
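The "dups" problem in the reply above, worked through as an added example (this is not code from either poster, nor from any LDAP project). It assumes per-server /etc/passwd snapshots (constructed sample data inline), a placeholder base DN of dc=example,dc=com with an ou=People container, and nss_ldap configured with `passwd: files ldap` in nsswitch.conf, which is why an admin left behind in a local passwd file shadows the global LDAP account and must be erased, as the reply says. It separates three cases: admins to be re-created once in LDAP (flagging UID drift between servers, which would silently change file ownership), the same customer present on several servers with one identity, and the name collisions between different people that need a segmented tree rather than a single global entry.

```python
"""Plan an /etc/passwd -> LDAP migration across many servers (added example)."""
from collections import defaultdict

# Constructed sample data: three servers, each with a few local accounts.
PASSWD_SNAPSHOTS = {
    "srv1": [
        "root:x:0:0:root:/root:/bin/bash",
        "alice:x:1000:1000:Alice Admin:/home/alice:/bin/bash",
        "bob:x:1001:1001:Bob Customer (Srv1):/home/bob:/bin/sh",
    ],
    "srv2": [
        "root:x:0:0:root:/root:/bin/bash",
        "alice:x:1000:1000:Alice Admin:/home/alice:/bin/bash",
        "bob:x:1042:1042:Robert Other (Srv2):/home/bob:/bin/sh",  # different person
        "carol:x:1002:1002:Carol Customer:/home/carol:/bin/sh",
    ],
    "srv3": [
        "root:x:0:0:root:/root:/bin/bash",
        "alice:x:1500:1500:Alice Admin:/home/alice:/bin/bash",  # UID drift
        "carol:x:1002:1002:Carol Customer:/home/carol:/bin/sh",
    ],
}
ADMINS = {"alice"}              # accounts to merge into one global LDAP entry
BASE_DN = "dc=example,dc=com"   # placeholder, not a real directory


def parse_passwd(lines):
    """Return {username: (uid, gid, gecos, home, shell)} from passwd lines."""
    users = {}
    for line in lines:
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        users[name] = (int(uid), int(gid), gecos, home, shell)
    return users


def build_index(snapshots):
    """Map username -> {server: record} across all servers."""
    index = defaultdict(dict)
    for server, lines in snapshots.items():
        for name, rec in parse_passwd(lines).items():
            index[name][server] = rec
    return index


def classify(index, admins):
    """Split usernames into admin UID issues, consistent dups and conflicts.

    A conflict is the case the thread worries about: the same username on
    different servers that belongs to different people (GECOS differs) or
    carries a different UID, so one global LDAP entry would merge or break it.
    """
    admin_issues, same_identity, conflicts = {}, {}, {}
    for name, by_server in index.items():
        if name == "root":
            continue  # never move root into the directory
        uids = {rec[0] for rec in by_server.values()}
        gecos = {rec[2] for rec in by_server.values()}
        if name in admins:
            if len(uids) > 1:  # file ownership would change on some hosts
                admin_issues[name] = {s: r[0] for s, r in by_server.items()}
        elif len(by_server) > 1:
            if len(uids) > 1 or len(gecos) > 1:
                conflicts[name] = sorted(by_server)
            else:
                same_identity[name] = sorted(by_server)
    return admin_issues, same_identity, conflicts


def admin_ldif(name, index, base_dn):
    """One global posixAccount per admin (assumes ou=People under base_dn)."""
    uid, gid, gecos, home, shell = next(iter(index[name].values()))
    return "\n".join([
        f"dn: uid={name},ou=People,{base_dn}",
        "objectClass: posixAccount", "objectClass: inetOrgPerson",
        f"uid: {name}", f"cn: {gecos}", f"sn: {gecos.split()[-1]}",
        f"uidNumber: {uid}", f"gidNumber: {gid}",
        f"homeDirectory: {home}", f"loginShell: {shell}", ""])


def shadowed_admins(snapshots, admins):
    """Admins still present in a local /etc/passwd.

    With `passwd: files ldap` the local entry wins, so the LDAP account
    never takes effect on that server until the local line is erased.
    """
    result = {}
    for server, lines in snapshots.items():
        left = sorted(admins & parse_passwd(lines).keys())
        if left:
            result[server] = left
    return result


if __name__ == "__main__":
    idx = build_index(PASSWD_SNAPSHOTS)
    issues, same, conflicts = classify(idx, ADMINS)
    print("admin UID mismatches:", issues)
    print("same person on several servers:", same)
    print("name conflicts needing per-server segmentation:", conflicts)
    print(admin_ldif("alice", idx, BASE_DN))
    print("admins still shadowed by local files:",
          shadowed_admins(PASSWD_SNAPSHOTS, ADMINS))
```

On the sample data, `bob` is the collision the original question describes (two people, one name), `carol` is a safe merge, and `alice` shows the UID drift to resolve before a single entry is created; the shadow check is the post-migration step that verifies the reply's "erase from /etc/passwd on each server" advice was actually carried out everywhere.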