[ale] open LDAP or NIS

[Stephen Pellicer]

On Thu, Sep 28, 2000 at 01:28:52PM -0400, mnichols wrote:
> Good Afternoon,
> 
> I would like to know if anyone in the LUG has had an expierence with open LDAP.
> All the information I can compile does not tell me if it can authenticate users
> logging on to a network. We have a product called RADIUS that is compatible with
> open LDAP but I am not certain if it will perform the same basic functions as
> NIS.

I use OpenLDAP whenever I can. I use it for authentication on my home
network. It works great too. You'll probably want to use nss_ldap for
the authentication integration. It also requires some tweaking to your
pam configuration (nothing too difficult, the packages and tarballs
include sample pam configurations). Once you get it up and running, I
like it a lot better than NIS configurations I've tried. A lot more
flexible, plus the possibilities are endless. I also use the LDAP
server for playing with OpenCA, commercial CA's, address books that
support LDAP (e.g. Netscape, Outlook [Express], etc.)

By the RADIUS statement, do you mean your RADIUS server can query an
LDAP backend for credentials? If so, as long as your schema is correct
it should work with OpenLDAP. LDAP is pretty plain so anything that
speaks LDAP should speak with OpenLDAP, the hard part is designing a
schema and directory layout that all your apps support. I've used
OpenLDAP with commercial products like Checkpoint Firewall-1 and
Entrust PKI and it works fine.

Lemme know if you want more details.

Stephen
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.