Posted by: Administrator
on October 30, 2005 10:54 PM
Thanks for the good words, first of all.
I think most of your questions were answered by other posts but I can shed a little more light.
LDAP SSL Only? Yes. Our example will default to SSL only if you change Debian/[your distro] to listen only on port 636.
Mix LDAP and normal accounts? Yes. By default the articles will steer you toward creating LDAP-only users but will drop back to trying local accounts as well. What that means is if you created "jobu" in LDAP as well as locally, your setup will first try LDAP and then local files. Since Jobu exists locally, you will log in.
That said, if LDAP is down and the user only exists in LDAP, you will not be able to log in. That is why others and I advise not putting root in LDAP. Also, a commenter on my last article mentioned a solution that caches LDAP information.
Is this setup standard? Well, that is not really answerable. Linux LDAP documentation isn't documented well. My hope with these articles was to change that.
LDAP password stored locally. Big issue that many of us complain about. I certainly would hope that could be avoided. Maybe enough light has been shed for someone to volunteer to fix it?
Thanks again for the kind words. As per the LDAP address book, there is a pretty decent article located at: http://applications.linux.com/applications/05/05/18/1248224.shtml?tid=37
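The lookup behaviour the reply describes (try LDAP first, then local files, with LDAP-only users locked out during an outage) simulated as an added example; this is not code from the post or the articles, and the account tables and source names are constructed for illustration:

```python
"""Simulate NSS-style passwd lookups in the order "ldap" then "files".

Constructed example: the two account tables below are made up, not taken
from any real system. The point is the failure mode when LDAP is unreachable.
"""
from typing import List, Optional

# Constructed sources: a directory ("ldap") and the local /etc/passwd ("files").
LDAP_USERS = {"jobu": "uid=1001", "alice": "uid=1002"}
LOCAL_USERS = {"root": "uid=0", "jobu": "uid=1001"}


class LdapDown(Exception):
    """Raised when the directory cannot be reached."""


def lookup(source: str, user: str, ldap_up: bool) -> Optional[str]:
    """Query one source; the ldap source fails outright when the server is down."""
    if source == "ldap":
        if not ldap_up:
            raise LdapDown(user)
        return LDAP_USERS.get(user)
    if source == "files":
        return LOCAL_USERS.get(user)
    raise ValueError("unknown source: %r" % source)


def resolve(user: str, order=("ldap", "files"), ldap_up: bool = True) -> Optional[str]:
    """Walk the sources in order and return the first hit.

    An unreachable ldap source is skipped, so the lookup falls through to
    local files, which is why a user present in both still logs in.
    """
    for source in order:
        try:
            entry = lookup(source, user, ldap_up)
        except LdapDown:
            continue
        if entry is not None:
            return entry
    return None


def ldap_only_accounts() -> List[str]:
    """Accounts that become unusable during an LDAP outage (root must not be here)."""
    return sorted(u for u in LDAP_USERS if u not in LOCAL_USERS)


if __name__ == "__main__":
    print("jobu, ldap up:   ", resolve("jobu"))
    print("jobu, ldap down: ", resolve("jobu", ldap_up=False))
    print("alice, ldap down:", resolve("alice", ldap_up=False))
    print("ldap-only accounts:", ldap_only_accounts())
```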