[CLUE-Tech] LDAP

Jeremiah Stanley miah at miah.org
Mon Jan 14 17:16:48 MST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I need some really good resources on LDAP.  The presentation was very
> cool, but only scratched the surface.  I am looking at using it for an
> authentication system for multiple systems on multiple platforms.  We
> are trying to decide whether to finish a partial and very not working
> custom in-house solution that someone else started, or scrap it and
> put in LDAP.  Or....  a combination of the two (store the data LDAP,
> but have a custom app check it)

http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-ldap-additional-resources.html

There's a link to what I've used pretty successfully to implement LDAP 
Auth on some RH 7.x systems that I have running. It was painful, but the 
integration with Sendmail was a breeze.

It is highly recommended that you set up Kerberos as well.

> Session hijacking is a real concern on the web apps, and this system
> needs to be useable for network logons, Windows fat client logons,
> database logons, etc.

The Windows logins would be your only problem. Samba is starting to have 
hooks into using LDAP for auth but I would put it about a half a year off 
before it is anywhere near production quality. And if any of your apps can 
use PAM authentication then you are already set as PAM works great on my 
servers for FTP and user authentication. (I'm using Proftpd BTW).

JStanley
- -- 
Give a man a match, and he'll be warm for a minute, but set him on fire, and
he'll be warm for the rest of his life.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Q3TyAd8Nj1SHkdcRAlIGAJ9c8u/KBUhHopySZHZVTHqYSTGjtACfQJwf
9jCv/Mh25CF0C2lZ/GXiaqE=
=r8kS
-----END PGP SIGNATURE-----



