[SATLUG] SOHO LDAP
Daniel J. Givens
daniel at rugmonster.org
Sun Jan 24 15:27:14 CST 2010
On 1/24/2010 2:15 PM, Frank Huddleston wrote:
> Has anyone here implemented a multi-computer configuration using LDAP?
> If so, I'd like to hear about it.
Yep. I ran it for a while. I used it for central user management for
Linux and Samba. I also stored AutoFS information in LDAP so all of my
Linux hosts had a common AutoFS configuration at all times.
> I think I heard that Red Hat might also have some kind of application
> like that
That is the Red Hat Directory Server and the free version, the 389
There's also OpenLDAP.
When I was running my LDAP setup, I used OpenLDAP. I've never touched
the Fedora/Red Hat directory server.
> and of course there is Active Directory, but that does
> require MS computers
> to run it
The thing to remember about Active Directory is that it's much more than
LDAP is just a directory service. It stores information like a database.
You can configure systems to pull information from LDAP much like they
would store the information in a local file, such as /etc/passwd,
/etc/group, or even MySQL or other kind of RDBMS. It just stores stuff.
Active Directory, for example, provides Kerberos authentication, group
policies, and other stuff and happens to use LDAP as the place to store
the information. There are other server and client side pieces and parts
that make up what is known as a whole as "Active Directory".
> So, I often hear people suggest using LDAP when I ask these
> multi-computer configuration and management issues, but now I'm asking:
> have any of you actually implemented such a thing, and if so, please
> tell me/us about it.
So LDAP is primarily used in large configurations as a means for
Single-Sign-On style authentication. Via PAM modules, Linux systems can
authenticate against an LDAP server. That way, there's one place for
your users and groups and you don't have to worry about keeping that in
sync on multiple systems. This is particularly important when using a
lot of shared storage via NFS and keeping file ownership and permissions
Like I said before, there are other things you can setup to use LDAP,
such as AutoFS. In the past, I have set up OpenFire and Zimbra to get
user information from an LDAP server. There have been a few web-based
applications that I've set up as well. It all depends on whether application X
supports LDAP and what it uses it for.
To get your LDAP server up and running, there are plenty of howtos out
there that will get you up and running. A word of warning, LDAP has a
lot to it. It's easy to get overwhelmed with it and you should get some
understanding of it before relying on it too heavily.
On most Linux distributions these days, there is an easy way to set up
your system to authenticate against an LDAP server. On Fedora/Red
Hat-based systems, there is authconfig and authconfig-gtk.
So I won't provide more technical, howto-style info. There is enough of
that out there already.
So why did I stop using the setup? It was a pain and for the few systems
I had, totally not worth it. I guess I did it as one of those
The OpenLDAP admin guide has a great list that can help answer the "When
should I use LDAP" question.
http://www.openldap.org/doc/admin24/intro.html#When should I use LDAP
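As an added illustration of the points above about systems pulling users and groups from LDAP instead of /etc/passwd and /etc/group, and about AutoFS maps living in the directory, here is a small script written for this page (not code from the mail, from OpenLDAP or from nss_ldap). It parses a constructed LDIF with posixAccount, posixGroup and automount entries and renders the passwd, group and auto.master lines an LDAP-backed client would derive from them; the base DN dc=example,dc=org and the ou layout are assumptions.

```python
# Added example (not from the original mail); constructed data, base DN dc=example,dc=org assumed.
from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
cn: Alice Example
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice
loginShell: /bin/bash

dn: cn=users,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: users
gidNumber: 1001
memberUid: alice

dn: cn=/home,ou=auto.master,dc=example,dc=org
objectClass: automount
cn: /home
automountInformation: ldap:ou=auto.home,dc=example,dc=org
"""

def parse_ldif(text):
    """Split LDIF into {attribute: [values]} dicts; a blank line ends an entry."""
    entries, cur = [], defaultdict(list)
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if line.strip():
            attr, _, val = line.partition(": ")
            cur[attr].append(val)
        elif cur:
            entries.append(dict(cur))
            cur = defaultdict(list)
    return entries

def nss_view(text):
    """Return (passwd, group, automaster) lines as getent and autofs would see them."""
    passwd, group, automaster = [], [], []
    for e in parse_ldif(text):
        v = lambda attr: e[attr][0]  # first value of a single-valued attribute
        if "posixAccount" in e["objectClass"]:  # field 2 is 'x': the hash is checked on the server
            passwd.append(":".join([v("uid"), "x", v("uidNumber"), v("gidNumber"),
                                    v("cn"), v("homeDirectory"), v("loginShell")]))
        elif "posixGroup" in e["objectClass"]:
            group.append(":".join([v("cn"), "x", v("gidNumber"), ",".join(e.get("memberUid", []))]))
        elif "automount" in e["objectClass"]:
            automaster.append(f"{v('cn')} {v('automountInformation')}")
    return passwd, group, automaster
```

The uidNumber/gidNumber values are what NFS sees on the wire, which is why the mail stresses one directory for all hosts: two hosts disagreeing on a uid means files change owner depending on where you look.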