LDAP for central authentication?
David Rosenstrauch
darose-prQxUZoa2zOsTnJN9+BGXg at public.gmane.org
Thu Dec 3 10:29:04 EST 2009
On 12/02/2009 09:55 PM, Scott Ehrlich wrote:
> For the NIS+Samba case, can I merge both credential files into a
> central database using LDAP? I would also want to control password
> length, complexity, aging, and other things.
>
> What is the best way to do this?
>
>
> Thanks.
>
> Scott
I can't speak to integrating LDAP with the specific systems you're using
(i.e., NIS, and Samba). But we recently set up LDAP authentication for
a bunch of our internal systems (Subversion, Trac, Nagios, etc.) and
it's worked out well so far.
We used OpenLDAP. And for the password length / complexity we used a
combination of 2 things:
1) the OpenLDAP password policy overlay (see:
http://linux.die.net/man/5/slapo-ppolicy)
2) the OpenLDAP pwdChecker library from the LDAP Tool Box project (see:
http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password)
Between the two of them, they were able to meet our password complexity
requirements.
HTH. Feel free to email back on or off list if you have questions.
DR
More information about the Discuss
mailing list