Web lists-archives.com

Re: good LDAP resources




On Sat, Feb 25, 2017 at 02:16:27PM -0800, briand@xxxxxxxxxxx wrote:
> I need to set-up some sort of password server for a small network so that i don't have to set-up accounts on every machine.
> 
> It looks like LDAP is the best way to do that.
> 
> Is it ?
> 
> I've been looking at the LDAP how-to's and even tried to turn things on using one of them, but I can't quite get things working.
> 
> Can someone point me to a good resource as to how to make it work ?

Depends on how small. I would say there is no particular payoff
for LDAP until you get to somewhere between 10 and 100 machines,
depending on what your userbase looks like.

For example: if you use puppet, chef, ansible or any of the
other configuration management tools, it's easy to distribute
users with that, and you get to distribute /etc/sudoers and
other things as well.

If you need instant password changes across a fleet of machines,
though, or you have a lot of people who all want to change their
passwords regularly, LDAP is the way to go. Remember that nearly
everything will be dependent on LDAP, so you need to have a
minimum of three physical machines to serve it from.

http://techpubs.spinlocksolutions.com/dklar/ldap.html might
help you out.

-dsr-