On 25/06/2010 23:21, Jamie Bohr wrote:
Hello All,
Sorry this is off-topic but I would like some advice from this list and
possibly get an understanding of what other large organizations are
doing for UNIX/Linux authentication management.
I am a Senior Administrator for 3000 UNIX/Linux based devices ranging
from HP-UX 10.20-11.31, Solaris 8-10 and RHEL 3-5 at 40 different
sites. Most are using NIS for authentication (separate NIS domains)
and the AMD (am-utils) automounter. I would like to move
authentication to LDAP (AD would be better) but before I invest a lot
of time and effort I would like advice from this list on what direction
I should go.
Because some of the devices are NOT capable of using LDAP (or
AD) for authentication I will need to keep NIS around until they can
be removed from the environment. If I move to LDAP I would like as
much put into LDAP as possible including Netgroup, automounter maps and
sudo permissions.
A few questions:
- Do you manage a multi-site, multi-geography environment using
LDAP?
- If so, what LDAP version do you use?
- Do you keep automounter maps in LDAP?
- Do you keep netgroups in LDAP?
- Do you have SUDO information in LDAP?
- Do you support OSes other than Linux with LDAP?
- If so, what OSes and version, i.e.: HP-UX 11.23, ...
- Would Fedora Directory server, FreeIPA or something else be the
way to go?
- Any advice on resolving overlapping UIDs/GIDs?
- Has anyone used Likewise (or something like it) to
authenticate of an AD domain?
--
Jamie Bohr
Hi
Might be worthwhile asking on http://directory.fedoraproject.org/ Rich
Megginson has been doing ldap things since the year dot, so would
probably be able to give you some pointers.
Bryan