Old 02-16-2017, 06:24 PM   #1
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 587

Rep: Reputation: 72
OpenLDAP - what to build on a simple infrastructure

Hi all!

I have been following this guide and this Gentoo guide and I was able to set up a VM to act as an authentication server for my other VMs (with GUI).

I'm trying to learn OpenLDAP because I'm supposed to help my local municipal office "overhaul" their IT infrastructure, which is currently composed of around 20 desktops. So one of the "needs" I pointed out is centralized authentication.

I'm planning to use CentOS as the OpenLDAP server and Kubuntu or Xubuntu or Windows 7 as their desktops.

My question really is how I should structure my LDAP tree; I can't find a good guide online on how to map an organization to an LDAP tree. From following the link from itzgeek I was able to create 2 users but that's about it. How about using groups and permissions and how they map to the OS's native security?

Another concern is authentication and encryption... what are my choices (from the ones natively supported by OpenLDAP) and what are the pros and cons of each?

Sorry if this sounds like asking too much but believe me I have browsed OpenLDAP's documentation but it was just overwhelming.

Old 02-16-2017, 06:46 PM   #2
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154
I certainly am not a professional for centralized authentication, but you may be able to get away with using FreeIPA, which is designed specifically for that sort of thing and is available in the CentOS repo.

It sets up Kerberos as well as 386 LDAP server for authentication purposes.
Old 02-17-2017, 08:13 AM   #3
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,748
Blog Entries: 4

Rep: Reputation: 3965
Well, that might be considerably more detail than the OP needs to know in this case. This guide is really talking about a setup at an Enterprise level. But it would be a good "skim read" for background.

Other possibilities:
The last two articles offer a possibility that should not be overlooked in a "mixed Linux and Windows" shop: single-sign-on authentication that works for either and both environments, managed using Microsoft's management tools – which are rather nicely done. (What Microsoft calls "Open Directory" is basically LDAP.)

Last edited by sundialsvcs; 02-17-2017 at 08:19 AM.


authentication, ldap, openldap
