Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: user management - LDAP and local files
Operating Systems Linux SuSE user management - LDAP and local files Post 302277118 by scampi on Thursday 15th of January 2009 12:47:58 PM
Old 01-15-2009
Data user management - LDAP and local files
I am implementing LDAP on Linux based system using openldap.
My management objects to the idea that all individual users will authenticate against an LDAP server because “what if it is not available”
Their suggestion is that we run in parallel a set of local configured users and a set of LDAP configured users and both methods can coexist without conflicts.
I think it is a very bad idea but I cannot think of any good justification why it should be the case.
Besides the obvious that it is going to be very hard to maintain two separate methods for user management on multiple servers (about 20) and that it can create confusion when creating new users or disabling users.
Just to clarify, we have a cluster for the LDAP server and we have high availability.
Also, generic users that are required by the application or the database will stay on the local files.
I am talking about having some individual users managed locally in /etc/shadow and some using the LDAP server no synchronization between the two.
I know it sounds a horrible idea but I need to come up with some strong arguments to convince my “old fashioned” management.
I will appreciate any argument either way.
thanks
 

10 More Discussions You Might Find Interesting

1. Linux

ldap user disabled

Hi All, If ldap user is disabled on linux. Do you think ldap processes will still run while ldap user had been disabled? Thanks for any comment you may add. (2 Replies)
Discussion started by: itik
2 Replies

2. UNIX for Advanced & Expert Users

Determining if user is local-user in /etc/passwd or LDAP user

Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent. The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
Discussion started by: ckmehta
5 Replies

3. AIX

Do I need to configure my local windows to FTP files from local windows to a UNIX AIX server?

Hi Friends, I have this script for ftping files from AIX server to local windows xp. #!/bin/sh HOST='localsystem.net' USER='myid_onlocal' PASSWD='mypwd_onlocal' FILE='file.txt' ##This is a file on server(AIX) ftp -n $HOST <<END_SCRIPT quote USER $USER quote PASS $PASSWD put $FILE... (1 Reply)
Discussion started by: rajsharma
1 Replies

4. AIX

How to change normal user id to LDAP user id?

If I create a new user id test: mkuser id=400 test then I want it to LDAP user: chuser -R LDAP SYSTEM=LDAP registry=LDAP test It shows: 3004-687 User "test" does not exist. How to do? (4 Replies)
Discussion started by: rainbow_bean
4 Replies

5. Shell Programming and Scripting

switch user from local user to root in perl

Hi Gurus, I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password. It seems that i need to use expect module here, but i don't know how to create the object for this. ... (1 Reply)
Discussion started by: linuxgeek
1 Replies

6. Shell Programming and Scripting

Management application user rights on the files in a Unix / Linux

good evening .. I have a plea, who I can help me with a management application user rights on the files in a Unix / Linux I need for college .. .. and not told us no clue .. thank you (1 Reply)
Discussion started by: alex90
1 Replies

7. AIX

Mix LDAP and LOCAL user on AIX

Hello, I'm currently trying to mix local and LDAP users on an AIX 7.1. I've triied many things. My LDAP Server in on a CentOS - OpenLDAP (which works fine with linux). I'm currently stuck on AIX at how to declare LDAP AND Local users. Here's what i did : /usr/sbin/mksecldap -c -h 'ldap03'... (15 Replies)
Discussion started by: AIX_user_324891
15 Replies

8. Shell Programming and Scripting

How to Switch from Local user to root user from a shell script?

Hi, I need to switch from local user to root user in a shell script. I need to make it automated so that it doesn't prompt for the root password. I heard the su command will do that work but it prompt for the password. and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies

9. UNIX for Advanced & Expert Users

AD Group Policy Management and Kerberos / LDAP

Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX? I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow... (3 Replies)
Discussion started by: Devyn
3 Replies

10. UNIX for Advanced & Expert Users

Pam.d and make difference between AD User and local user on Linux

Hello, i configured rhel linux 6 with AD directory to authorize windows users to connect on the system and it works. i have accounts with high privileges (oracle for example) if an account is created on the AD server i would to block him. I looked for how to do, for the moment all the... (3 Replies)
Discussion started by: vincenzo
3 Replies

LEARN ABOUT XFREE86

pam_ldap

pam_ldap(8)						      System Manager's Manual						       pam_ldap(8)

NAME

       pam_ldap - PAM module for LDAP-based authentication

SYNOPSIS

       pam_ldap.so [...]

DESCRIPTION

       This is a PAM module that uses an LDAP server to verify user access rights and credentials.

OPTIONS

       use_first_pass
	      Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a pass-
	      word.

       try_first_pass
	      Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt  the  user
	      for a password.

       nullok Specifying this option allows users to log in with a blank password.  Normally logins without a password are denied.

       ignore_unknown_user
	      Specifies  that  the  PAM module should return PAM_IGNORE for users that are not present in the LDAP directory.  This causes the PAM
	      framework to ignore this module.

       ignore_authinfo_unavail
	      Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server.  This causes the PAM framework  to  ig-
	      nore this module.

       no_warn
	      Specifies that warning messages should not be propagated to the PAM application.

       use_authtok
	      This  causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for
	      a new password (it is analogous to use_first_pass).

       debug  This option causes the PAM module to log debugging information to syslog(3).

       minimum_uid=UID
	      This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be  used	to  bypass
	      LDAP checks for system users (e.g. by setting it to 1000).

MODULE SERVICES PROVIDED

       All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon.

FILES

       /etc/pam.conf
	      the main PAM configuration file

       /etc/nslcd.conf
	      The configuration file for the nslcd daemon (see nslcd.conf(5))

SEE ALSO

       pam.conf(5), nslcd(8), nslcd.conf(5)

AUTHOR

       This manual was written by Arthur de Jong <arthur@arthurdejong.org>.

Version 0.8.10							     Jun 2012							       pam_ldap(8)
All times are GMT -4. The time now is 12:22 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy