Mailinglist Archive: opensuse (3354 mails)
| < Previous | Next > |
Re: [opensuse] User authentication with LDAP, your experience?
- From: Adam Tauno Williams <adamtaunowilliams@xxxxxxxxx>
- Date: Tue, 20 Mar 2007 11:31:41 -0400
- Message-id: <1174404701.4397.58.camel@xxxxxxxxxxxxxxxxxxx>
> I'm looking for hints about switching user authentication to LDAP.
> (We're using NIS up to now.) The LDAP server will be SLES, the
> clients are a variety of SUSE Linux systems, in different versions,
> and other Unix hosts.
> I'm familiar with setup of LDAP servers and know how to configure
> the clients on the PAM level.
> I think that nscd should run on the clients, as LDAP has a rather
> high latency, compared to NIS, and that would provide cached access
> to passwd map entries. Can anybody confirm this or tell me anything
> about performance issues?
nscd is OK for workstations; but busy servers are best off having their
own replicant. In many ways, nscd sucks.
> Are there any further trapfalls that I might fall into? Real-life
> experience about problems that were not obvious at first?
> What do you use to manage LDAP users and groups? YAST?
An intranet applications, and phpLDAPExplorer
> I'm using JXplorer (http://jxplorer.org) for LDAP browsing, but that
> doesn't seem to cut it for account management. Actually, a Web
> interface to manage users and groups would be very helpful.
There is LAM if you are a Samba shop. Personally I find none of them
very impressive; we developed an in-house web fron end.
> Any tip would be greatly appreciated.
See "The LDAP Series" at http://www.whitemiceconsulting.com/node/30 :)
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
> (We're using NIS up to now.) The LDAP server will be SLES, the
> clients are a variety of SUSE Linux systems, in different versions,
> and other Unix hosts.
> I'm familiar with setup of LDAP servers and know how to configure
> the clients on the PAM level.
> I think that nscd should run on the clients, as LDAP has a rather
> high latency, compared to NIS, and that would provide cached access
> to passwd map entries. Can anybody confirm this or tell me anything
> about performance issues?
nscd is OK for workstations; but busy servers are best off having their
own replicant. In many ways, nscd sucks.
> Are there any further trapfalls that I might fall into? Real-life
> experience about problems that were not obvious at first?
> What do you use to manage LDAP users and groups? YAST?
An intranet applications, and phpLDAPExplorer
> I'm using JXplorer (http://jxplorer.org) for LDAP browsing, but that
> doesn't seem to cut it for account management. Actually, a Web
> interface to manage users and groups would be very helpful.
There is LAM if you are a Samba shop. Personally I find none of them
very impressive; we developed an in-house web fron end.
> Any tip would be greatly appreciated.
See "The LDAP Series" at http://www.whitemiceconsulting.com/node/30 :)
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |