John Payne_2
Honored Contributor

User Provisioning

What are people using for user provisioning? NIS? LDAP? Do it yourself?

How many machines do you provision to? How different is one machine from another? (One set of users here, one set of users over there, etc.)

John
Spoon!!!!
8 REPLIES
Steven E. Protter
Exalted Contributor

Re: User Provisioning

I think LDAP is the best way to go. I'm trying to set up an LDAP environment that uses OpenLDAP, has a Linux and an HP-UX machine as master servers, and has a pair of slave servers.

This environment integrates well with Windows clients and Samba.

It's fun, and not as hard as Windows 2003 Server.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
John Payne_2
Honored Contributor

Re: User Provisioning

But what about the clients? Are all your machines the same, or are they all different? Are there problems with doing LDAP when you have a number of unique machines with unique users?

John
Spoon!!!!
Pete Randall
Outstanding Contributor

Re: User Provisioning

John,

Though I'm not sure exactly what you mean by provisioning, I think you're referring to how we set up users. I use the /etc/passwd and /etc/group files and simply keep them in sync on all the different HP-UX machines by rcp'ing them. Overly simplistic, perhaps, but it works for me. I suspect your environment might be a little too complex for this kind of solution, though.


Pete

Mel Burslan
Honored Contributor

Re: User Provisioning

So far we have been doing it the hard way, i.e., adding users to the server(s) they need access to, locally on each server. We have a department that manages user provisioning. My and my colleagues' role is to help keep the problems away from this user provisioning department and troubleshoot when something happens. Also, creating privileged accounts and dispensing sudo access is up to us, the sysadmins. It is not a wise way, but this is what company policy dictates.
________________________________
UNIX because I majored in cryptology...
Devesh Pant_1
Esteemed Contributor
Solution

Re: User Provisioning

LDAP is one way, and I don't think there is a rule for how many machines, as long as the LDAP provisioning agent is running on the box. It is as many as the number of clients that can be added to the server. There are some third-party tools also available for cross-platform operations, and they might have licenses based on the number of servers/clients.
You can also consider Active Directory services-based products like Vintela
www.vintela.com

Please see this PPT on LDAP-UX integration:

http://h21007.www2.hp.com/dspp/files/unprotected/hpux/ldap-uxintegrationpresentation.ppt

thanks
Devesh
John Payne_2
Honored Contributor

Re: User Provisioning

Thanks for the replies. (I had never even considered any kind of Active Directory integration, and I still might not, but it is interesting to see that it's there.)

What I'm really after is to find some people with an environment similar to ours, and see how they provision users. We have a significant number of unix/linux machines. There are about 75 users common among all of them; things break down from there. I have machines where all other users are unique to anything else, groups of machines with common users, etc. (For example, one machine has the 50 common users, and then 300 unique users for a specific department. These unique users are on no other unix machines. I have a "platform" of 12 machines that have the 50 common, plus another 50 that are in common among the 12 machines, etc.)

Are there people out there like us? Do you just hire people to go out and provision users, or what?

LDAP integration looks nice, but what are the implications for an environment like ours? Do we have to continue to provision like we are doing, and just use LDAP for the actual authentication? Can we set up some sort of group model in LDAP and 'subscribe' a machine to those groups that are needed for that machine's use?

Thanks
John
Spoon!!!!
Mel Burslan
Honored Contributor

Re: User Provisioning

John,

I strongly discourage you from using it, but there is an initiative to deploy CA's eTrust package on all our platforms, unix, linux, other *ix, and Redmond's finest, for the very same reasons that you stated in your previous message/expanded question. So far, my experience with deployment is really subpar. It may be because the project manager who was supposed to provide clear and concise install info did not do so. Also, I have a bad gut feeling about suites whose enterprise control app runs on nothing but Windows machines.

Just to let you know in case you are evaluating solutions.
________________________________
UNIX because I majored in cryptology...
Pete Randall
Outstanding Contributor

Re: User Provisioning

I have a bad gut feeling about anything from CA!

;^)


Pete
