Sean Carolan
2008-Jan-10 20:40 UTC
[CentOS] Howto for LDAP authentication with replication
Can anyone point me to a how to or beginners guide to setting up LDAP authentication on CentOS5 with replication?
On Thu, 2008-01-10 at 14:40 -0600, Sean Carolan wrote:
> Can anyone point me to a how to or beginners guide to setting up LDAP
> authentication on CentOS5 with replication?
----
well, if you want something that's comprehensive, I probably can't offer much.

CentOS documentation definitely has some clues...
http://www.centos.org/docs/5/html/5.1/Deployment_Guide/ch-ldap.html

and you should become familiar with openldap's official documentation here...
http://www.openldap.org/doc/admin23/

and finally, I would recommend a book...
LDAP System Administration by Gerald Carter which really simplifies the instruction even though it is old and outdated

Craig
Alexander Georgiev
2008-Jan-11 05:58 UTC
[CentOS] Howto for LDAP authentication with replication
2008/1/10, Sean Carolan <scarolan at gmail.com>:
> Can anyone point me to a how to or beginners guide to setting up LDAP
> authentication on CentOS5 with replication?

http://freshmeat.net/projects/smbldap-tools/

this is what I've been using the last ....4-5 years.
Ross S. W. Walker
2008-Jan-13 01:46 UTC
[CentOS] Howto for LDAP authentication with replication
In fact Kerberos and LDAP are two great tastes that go well together.

Keep user information and authorization information in LDAP while keep user authentication information in Kerberos.

Later you could try to keep Kerberos authentication information in LDAP with Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this compromises the whole Kerberos security principal. Maybe it does, but it sure makes for easy redundancy.

-Ross

----- Original Message -----
From: centos-bounces at centos.org <centos-bounces at centos.org>
To: CentOS mailing list <centos at centos.org>
Sent: Sat Jan 12 18:49:31 2008
Subject: Re: [CentOS] Howto for LDAP authentication with replication

> Just so we're clear here, you are actually trying to learn two distinct
> things simultaneously, how to use LDAP and how to use LDAP to
> authenticate. They are not the same thing. If you knew how to use LDAP,
> adding authentication to the knowledge base would be relatively trivial.
> Likewise, if you knew how to use LDAP, configuring Webmin would be
> relatively trivial.

Thank you for the info. I understand that LDAP and authentication are not the same thing. We use LDAP within our organization for storing other types of data but most of the staff do not like to deal with it. In fact some team members were opposed to using LDAP for authentication, now I understand why! It seems to be a pain in the ass to learn how to use and configure.

> I can tell you that Gerald Carter's book makes the entire process
> painless but you are going to do it your way and I respect that to a
> point...but ask that you recognize that you do so at the peril of
> massive frustration.

At this point I am leaning toward using kerberos instead. It took me 20 minutes to get a working kerberos server installation up and running, and I can now easily add new users and authenticate them, manage tickets, etc. Now I understand what you meant about LDAP not being designed for authentication.

Thank you again for your time, Craig. This was a good learning experience for me.

thanks

Sean
Nicolas Sahlqvist
2008-Jan-13 01:50 UTC
[CentOS] Howto for LDAP authentication with replication
On 1/13/08, Ross S. W. Walker <rwalker at medallion.com> wrote:
>
> In fact Kerberos and LDAP are two great tastes that go well together.
>
> Keep user information and authorization information in LDAP while keep user
> authentication information in Kerberos.
>
> Later you could try to keep Kerberos authentication information in LDAP with
> Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this
> compromises the whole Kerberos security principal. Maybe it does, but it
> sure makes for easy redundancy.
>
> -Ross
>
>
> ----- Original Message -----
> From: centos-bounces at centos.org <centos-bounces at centos.org>
> To: CentOS mailing list <centos at centos.org>
> Sent: Sat Jan 12 18:49:31 2008
> Subject: Re: [CentOS] Howto for LDAP authentication with replication
>
> > Just so we're clear here, you are actually trying to learn two distinct
> > things simultaneously, how to use LDAP and how to use LDAP to
> > authenticate. They are not the same thing. If you knew how to use LDAP,
> > adding authentication to the knowledge base would be relatively trivial.
> > Likewise, if you knew how to use LDAP, configuring Webmin would be
> > relatively trivial.
>
> Thank you for the info. I understand that LDAP and authentication are
> not the same thing. We use LDAP within our organization for storing
> other types of data but most of the staff do not like to deal with it.
> In fact some team members were opposed to using LDAP for
> authentication, now I understand why! It seems to be a pain in the
> ass to learn how to use and configure.
>
> > I can tell you that Gerald Carter's book makes the entire process
> > painless but you are going to do it your way and I respect that to a
> > point...but ask that you recognize that you do so at the peril of
> > massive frustration.
>
> At this point I am leaning toward using kerberos instead. It took me
> 20 minutes to get a working kerberos server installation up and
> running, and I can now easily add new users and authenticate them,
> manage tickets, etc. Now I understand what you meant about LDAP not
> being designed for authentication. Thank you again for your time,
> Craig. This was a good learning experience for me.
>
> thanks
>
> Sean