LinuxQuestions.org


depam 01-22-2007 04:27 AM

Utilizing LDAP to control the networked workstation
 
I am wondering if there is a way to use LDAP to control policy on both Windows and Linux workstations. I've seen the Windows Active Directory implementation. The cool thing is that it can create a common wallpaper for all the Windows clients. It can also do policies which disable USB removable hard disks or flash drives and a lot of things, even control what users can and cannot access. Can LDAP do the same thing, since AD is also patterned from LDAP? I would like to know if it can accommodate multi-platform OSes such as Windows and Linux. Has anyone tried this before?

Tinkster 01-22-2007 11:57 AM

W/o having tried it I'd say no (certainly not out of the box,
anyway). You can obviously pretty much store whatever you
like in LDAP, but there's no way that it'd get enforced.

I don't know the internal works of AD, either, but I'd think
that SOME HOOK on windows takes care of the enforcement rather
than AD actively pushing stuff.

That said: you should be able to code something like this
yourself ;} ... with the only problem being that it will most
likely become rather distro-specific.


Cheers,
Tink

depam 01-22-2007 06:42 PM

But I just hope there are ways to lock out USB access even in Linux only. Is that possible, or maybe I don't need LDAP to do this? But with plenty of PCs we are handling, I can't do it manually. Is there a centralized administration where I can just disable them? And the wallpapers, can it be done? Thanks.

Tinkster 01-23-2007 11:26 AM

I don't know of any free solutions for your problem. Novell's
ZENworks can handle a few of the mainstream distros in such
a manner (and obviously Windows), and I think it should be able
to integrate with LDAP (it certainly does with Novell's eDirectory).

As I said: that aside you're on your own.
But pushing something out to a (even a large) number of machines
isn't that hard. Checking who's logged in isn't hard. Unloading
a few modules isn't hard. Stopping them from being reloaded
varies with distro (slackware rocks).


Cheers,
Tink
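The "unloading a few modules" and "stopping them from being reloaded" steps mentioned above can be sketched for USB mass storage as follows. This is an added example, not part of the thread; it assumes the distro reads `/etc/modprobe.d/*.conf`, and the file name `disable-usb-storage.conf` is a hypothetical choice.

```shell
#!/bin/sh
# Added example: audit and enforce a usb-storage block through modprobe config.
# Assumption: the distro reads /etc/modprobe.d/*.conf.
MODULE="usb-storage"

# modprobe treats '-' and '_' in module names as the same character.
norm() { printf '%s' "$1" | tr '-' '_'; }

# Print "blocked" (install rule neutralises loading), "blacklist-only"
# (alias autoload is off, explicit modprobe still works) or "open".
block_state() {
    dir=$1; want=$(norm "$MODULE"); state=open
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r kw name cmd rest; do
            [ "$(norm "$name")" = "$want" ] || continue
            case "$kw" in
                install)
                    case "$cmd" in /bin/true|/bin/false) state=blocked ;; esac ;;
                blacklist)
                    [ "$state" = blocked ] || state=blacklist-only ;;
            esac
        done < "$f"
    done
    echo "$state"
}

# Write both rules; the file name is a hypothetical choice.
enforce_block() {
    printf 'install %s /bin/true\nblacklist %s\n' "$MODULE" "$MODULE" \
        > "$1/disable-usb-storage.conf"
}

# True if the module is currently loaded (a config rule does not unload it).
is_loaded() { grep -q "^$(norm "$MODULE") " "${1:-/proc/modules}"; }

# Usage: script audit | script enforce   (enforce needs root)
case "${1:-}" in
    audit)   echo "config: $(block_state /etc/modprobe.d)"
             if is_loaded; then echo "module: loaded"; else echo "module: not loaded"; fi ;;
    enforce) enforce_block /etc/modprobe.d && block_state /etc/modprobe.d ;;
esac
```

A `blacklist` line alone only stops alias-based autoloading, which is why the audit reports it separately from an `install` override.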


All times are GMT -5.