Friday, August 25, 2006

LDAP Authentication In Linux

This howto will show you how to store your users in LDAP and authenticate some of your services against it.

LDAP authentication is nice... but it can also cause problems.
Every time you do an "ls" you'll hit the ldap server to look up file ownership.
Every time your webserver goes to get a file, it'll hit the ldap server to check permissions.

Something tells me because it's called _Lightweight_ Directory Access Protocol that won't be a problem unless you're doing thousands upon thousands of lookups per second... and in any event, [open]ldap supports replication. It solves numerous more problems than it fixes.
That's why there is something called Name Switch Cache Daemon (nscd).

Authenticating systems to LDAP is great. Especially because there's so much possible versatility. For example, not only can you authenticate logins, but you can also set up AutoFS to pull automount information from LDAP, and even better, you can actually pull SUDO access rules from LDAP (to replace the sudoers file).

This makes it *so* much easier to remove direct root login, and force administrators to use sudo. It also makes it easier to selectively grant additional access to users.
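As an added illustration of the sudo-rules-in-LDAP setup mentioned above (not part of the original post), here is an LDIF using the sudo LDAP schema's sudoRole object class. The base DN ou=SUDOers,dc=example,dc=com, the group names admins and webops, and the host names are assumptions; the admins role replaces direct root login with full sudo access, while the webops role shows the selective grant: only the web server restart commands, only on the web hosts.

```ldif
# Container for the sudo rules (assumed DN; adjust to your directory)
dn: ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# Global defaults, equivalent to the "Defaults" line in /etc/sudoers
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption values
sudoOption: env_reset

# Full administrative access for members of the (assumed) admins group.
# Once this is in place, direct root logins can be turned off and every
# privileged action is tied to a named user in the sudo log.
dn: cn=admins,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: admins
sudoUser: %admins
sudoHost: ALL
sudoCommand: ALL

# Selective grant: the (assumed) webops group may only restart or reload
# the web server, and only on the (assumed) web hosts; anything else is
# denied because no other sudoRole matches them.
dn: cn=webops,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: webops
sudoUser: %webops
sudoHost: www1.example.com
sudoHost: www2.example.com
sudoCommand: /etc/init.d/apache2 restart
sudoCommand: /etc/init.d/apache2 reload
```

Load it with ldapadd against your directory, then point sudo at the container with `sudoers_base ou=SUDOers,dc=example,dc=com` in the sudo LDAP configuration and `sudoers: ldap files` in /etc/nsswitch.conf (keeping `files` after `ldap` so a local emergency rule still works if the directory is unreachable).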