LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-16-2017, 07:24 PM   #1
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 583

Rep: Reputation: 72
OpenLDAP - what to build on a simple infrastructure


Hi all!

I have been following this guide and this Gentoo guide and I was able to set up a VM to act as an authentication server for my other VMs (with GUI).

I'm trying to learn OpenLDAP because I'm supposed to help my local municipal office "overhaul" their IT infrastructure, which is currently composed of around 20 desktops. So one of the "needs" I pointed out is a centralized authentication.

I'm planning to use CentOS as the OpenLDAP server and KUbuntu or XUbuntu or Windows 7 as their desktops.

My question really is how should I structure my LDAP tree, I can't find a good guide online on how to map an organization to an LDAP tree. From following the link from itzgeek I was able to create 2 users but that's about it. How about using groups and permissions and how they map to the OS's native security?

Another concern are authentication and encryption..what are my choices (from the ones natively supported by OpenLDAP) and what are the pros and cons of each?

Sorry if this sounds like asking too much but believe me I have browsed OpenLDAP's documentation but it was just overwhelming.

TIA.
 
Old 02-16-2017, 07:46 PM   #2
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154Reputation: 154
I certainly am not a professional for centralized authentication, but you may be able to get away with using FreeIPA which is designed specifically for that sort of thing and is availabe in the centos repo.

https://access.redhat.com/site/docum...ide/index.html

It sets up kerberos as well as 386 ldap server for authentication purposes.
 
Old 02-17-2017, 09:13 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179
Well, that might be considerably more detail than the OP needs to know in this case. This guide is really talking about a setup at an Enterprise level. But it would be a good "skim read" for background.

Other possibilities:
The last two articles offer a possibility that should not be overlooked in a "mixed Linux and Windows" shop: single-sign-on authentication that works for either and both environments, managed using Microsoft's management tools – which are rather nicely done. (What Microsoft calls "Open Directory" is basically LDAP.)

Last edited by sundialsvcs; 02-17-2017 at 09:19 AM.
 
  


Reply

Tags
authentication, ldap, openldap


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How can I build a simple I/O program ? StraightCypress Linux - Newbie 5 06-16-2016 08:54 PM
LXer: GUPnP 0.20.5 Adds Simple Network Device Whitelisting Infrastructure LXer Syndicated Linux News 0 08-26-2013 02:41 AM
Build Simple RPM of SMB malcmcmul Fedora 5 05-16-2012 09:46 AM
openldap (slapd) - authentication using simple name eantoranz Linux - Software 1 08-08-2010 04:19 AM
Can't build simple program!! kwlux Programming 3 11-21-2004 06:17 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration