[ale] long shot: different ldap servers for authentication and for updates

Jim Kinney jim.kinney at gmail.com
Wed Mar 21 17:56:51 EDT 2018


FreeIPA. It uses LDAP for storage and synchronizes automagically across multiple, redundant servers. Users can change their password at the command line with passwd or go to a web page.

On March 21, 2018 5:51:55 PM EDT, Todor Fassl via Ale <ale at ale.org> wrote:
>We are running a master openldap server with 2 slaves. All of our 
>workstations are configured to authenticate versus the slaves. The 
>problem is that if someone wants to change their password, it wants to 
>talk to the slaves. But you cannot do updates on the slave/replication 
>servers. The name service ldap cache daemon (nslcd) does not appear to 
>have a way to configure different servers for reads/authentication and 
>updates. Any ideas on a solution for this? About the only thing I can 
>think of is to have a machine set aside as a place to change your 
>password. So if you want to change your password, you have to ssh to 
>this special machine which is configured to talk to the master ldap
>server.
>-- 
>Todd

-- 
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.