Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: I want to centralize user authentication
Operating Systems Linux Red Hat I want to centralize user authentication Post 302929319 by xdawg on Friday 19th of December 2014 12:07:42 PM
Old 12-19-2014
Question I want to centralize user authentication
Right now it is just a simple environment consisting of a small number of CentOS boxes, but I would like to set up central user authentication to make things easier, especially as we expand (I've already budgeted to triple our local infrastructure and we will be also expanding geographically to multiple regions internationally at some point next year).

Years ago, I remember NIS or NIS+ being the easiest thing in a pure Linux environment, but after some googling I'm finding that Open LDAP has replace it as the sort of "go to" for central user authentication in Linux?

Just wanted to see what other's opinions are, is there a particular "brand" of LDAP software that is preferred, or used more than others? Looking through the LDAP entry on Wikipedia I see quiet a lot of choices for server software, such as OpenLDAP, FreeIPA, 389 Directory server, etc etc.

Any/all opinions are welcome, I come from a primarily Microsoft background so I'm not used to having choices Image
 

10 More Discussions You Might Find Interesting

1. Solaris

User Authentication

Ok i need a little help... I have 20 Solaris 8 machines and I would like to have these machines do user authentication through one machine acting as server instead of having to maintain a user list on every machine. What can I do to achieve this? Thanks (3 Replies)
Discussion started by: meyersp
3 Replies

2. Shell Programming and Scripting

SFTP- Non-interactive user authentication

Hi All, sftp -b script.txt <hostname> user-authentication through non-interactive way is desired. But, its failing to do so. Could anyone kindly advise. Thanks for any/all help at the earliest. Regards, Dheeraj. (1 Reply)
Discussion started by: dheeruchakri
1 Replies

3. Forum Support Area for Unregistered Users & Account Problems

authentication of new user

I recently registered, but never received the email with the instructions for authenticating my account. I confirmed my email in in the profile looks correct. I found and clicked the link to resend the authentication email. I clicked that link two days ago and I still don't have the email. It... (1 Reply)
Discussion started by: dwallace
1 Replies

4. Solaris

Centralize multiple servers administration

Hello, this is my first post, i´m trying to get some help on this issue. I´m looking for a software product (maybe SUN or TIVOLI) that provide me help on doing administrative tasks involving solaris, aix , linux & HPUX machines. This tasks are user/password creation/modification, SSH rights,... (1 Reply)
Discussion started by: amedran
1 Replies

5. UNIX for Advanced & Expert Users

Centralize multiple servers administration

Hello, this is my first post, i´m trying to get some help on this issue. I´m looking for a software product (maybe SUN or TIVOLI) that provide me help on doing administrative tasks involving solaris, aix , linux & HPUX machines. This tasks are user/password creation/modification, SSH rights,... (2 Replies)
Discussion started by: amedran
2 Replies

6. Red Hat

Centralize logins w/ openldap

This is my first time configuring it, can someone give me advice on how you would config the architecture? For example, I'm stuck on the fail back issue. If my openldap box goes down, how do my users log in. I've heard of the following two options. 1 - create local user accounts ... ok but... (3 Replies)
Discussion started by: sdotsen
3 Replies

7. AIX

AIX: How to check which authentication method we are using for a user?

In /etc/security/user, we can set which authentication method we use for each user. for example: test: admin = false rlogin = false SYSTEM = "NONE" I want to test whether SYSTEM=NONE (without ") is acceptable. How can I verify it? and How can we check which... (1 Reply)
Discussion started by: quanba
1 Replies

8. AIX

LDAP user authentication issue

Hello everyone, hoping you can provide some incite with a little problem I'm having.. I have the LDAP client configured and running on my AIX 5.3 server, which is authenticating against an eDirectory LDAP server. I can login via LDAP no problems on the AIX server with newly created users,... (4 Replies)
Discussion started by: j_aix
4 Replies

9. Programming

Questions about user authentication in my application

Hi, all, I am a newbie to linux authentication part. Questions below really puzzle me: How to authenticate users from local storage(passwd shadow) and nis server? (Without PAM) getpwnam_r() will return a '*' in the pw_passwd field of "struct passwd". I can parse /etc/shadow. But how... (1 Reply)
Discussion started by: mythmgn
1 Replies

10. Shell Programming and Scripting

Perl LWP user authentication

Hello all.. i am new to perl scripting.. i wanted to parse a text file, encode the parsed text and attach in url.. please point me to right resources if you know any..This is my major problem. Now i try to get a url running and save it in a text file using LWP module in perl, I used following... (0 Replies)
Discussion started by: empyrean
0 Replies

LEARN ABOUT CENTOS

idmap_rfc2307

IDMAP_RFC2307(8)					    System Administration tools 					  IDMAP_RFC2307(8)

NAME

       idmap_rfc2307 - Samba's idmap_rfc2307 Backend for Winbind

DESCRIPTION

       The idmap_rfc2307 plugin provides a way for winbind to read id mappings from records in an LDAP server as defined in RFC 2307. The LDAP
       server can be stand-alone or the LDAP server provided by the AD server. An AD server is always required to provide the mapping between name
       and SID, and the LDAP server is queried for the mapping between name and uid/gid. This module implements only the "idmap" API, and is
       READONLY.

       Mappings must be provided in advance by the administrator by creating the user accounts in the Active Directory server and the posixAccount
       and posixGroup objects in the LDAP server. The names in the Active Directory server and in the LDAP server have to be the same.

       This id mapping approach allows the reuse of existing LDAP authentication servers that store records in the RFC 2307 format.

IDMAP OPTIONS

       range = low - high
	   Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If
	   specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded. It is intended as
	   a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.

       ldap_server = <ad | stand-alone >
	   Defines the type of LDAP server to use. This can either be the LDAP server provided by the Active Directory server (ad) or a
	   stand-alone LDAP server.

       bind_path_user
	   Specifies the bind path where user objects can be found in the LDAP server.

       bind_path_group
	   Specifies the bind path where group objects can be found in the LDAP server.

       user_cn = <yes | no>
	   Query cn attribute instead of uid attribute for the user name in LDAP. This option is not required, the default is no.

       cn_realm = <yes | no>
	   Append @realm to cn for groups (and users if user_cn is set) in LDAP. This option is not required, the default is no.

       ldap_domain
	   When using the LDAP server in the Active Directory server, this allows to specify the domain where to access the Active Directory
	   server. This allows using trust relationships while keeping all RFC 2307 records in one place. This parameter is optional, the default
	   is to access the AD server in the current domain to query LDAP records.

       ldap_url
	   When using a stand-alone LDAP server, this parameter specifies the ldap URL for accessing the LDAP server.

       ldap_user_dn
	   Defines the user DN to be used for authentication. The secret for authenticating this user should be stored with net idmap secret (see
	   net(8)). If absent, an anonymous bind will be performed.

       ldap_realm
	   Defines the realm to use in the user and group names. This is only required when using cn_realm together with a stand-alone ldap
	   server.

EXAMPLES

       The following example shows how to retrieve id mappings from a stand-alone LDAP server. This example also shows how to leave a small non
       conflicting range for local id allocation that may be used in internal backends like BUILTIN.

		[global]
		idmap config * : backend = tdb
		idmap config * : range = 1000000-1999999

		idmap config DOMAIN : backend = rfc2307
		idmap config DOMAIN : range = 2000000-2999999
		idmap config DOMAIN : ldap_server = stand-alone
		idmap config DOMAIN : ldap_url = ldap://ldap1.example.com
		idmap config DOMAIN : ldap_user_dn = cn=ldapmanager,dc=example,dc=com
		idmap config DOMAIN : bind_path_user = ou=People,dc=example,dc=com
		idmap config DOMAIN : bind_path_group = ou=Group,dc=example,dc=com

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

Samba 4.0							    06/17/2014							  IDMAP_RFC2307(8)
All times are GMT -4. The time now is 07:28 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy