01-14-2009 08:58 AM
user management - LDAP and local files
My management objects to the idea that all individual users will authenticate against an LDAP server because "what if it is not available".
Their suggestion is that we run in parallel a set of local configured users and a set of LDAP configured users and both methods can coexist without conflicts.
I think it is a very bad idea but I cannot think of any good justification why it should be the case.
Besides the obvious that it is going to be very hard to maintain two separate methods for user management on multiple servers (about 20) and that it can create confusion when creating new users or disabling users.
I will appreciate any argument either way.
Thanks,
A.K
01-14-2009 09:29 AM
Re: user management - LDAP and local files
You can set up a second LDAP server (with synchronization) for High Availability.
Another approach would be to create all the generic accounts locally (the ones used to run applications), which are often the more critical, and leave all the regular/real users on LDAP.
01-14-2009 09:41 AM
Re: user management - LDAP and local files
We have a cluster for the LDAP server and we have high availability.
Also, generic users that are required by the application or the database will stay on the local files.
I am talking about having some individual users managed locally in /etc/shadow and some using the LDAP server - no synchronization between the two.
I know it sounds a horrible idea but I need to come up with some strong arguments to convince my "old fashioned" management.
thanks,
A.K
01-14-2009 10:21 AM
Re: user management - LDAP and local files
The user account centralization, and UID/GID consistency are the major benefits of a Directory Server.
You can also add centralized security policies using LDAP server, like LDAP SUDO rules.
If you will have different local and LDAP accounts, besides the administrative complexity there is no other problem.
Another argument is that without the use of LDAP, your users must follow the account policy rules on each server, having to change their information on all servers if required.
>>> "what if it is not available"
You must demonstrate the high availability of the service. You can also say that the name service cache daemon can help you in that case.
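
The overlap this thread debates (individual users split between /etc/passwd and LDAP with no synchronization) can be audited directly. The Python script below is an added example, not code from any poster in this thread: it compares passwd-format text from the local files with the directory's view (for instance the output of `getent -s ldap passwd`), assuming a `passwd: files ldap` lookup order in nsswitch.conf. The sample accounts and the 1000 UID floor for human accounts are constructed assumptions.

```python
# Added example: audit two passwd(5)-format sources for local/LDAP overlap.
# Sample data is constructed; the 1000 UID floor for human accounts is an assumption.
from collections import namedtuple

Entry = namedtuple("Entry", "name uid shell")

LOCAL_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
oracle:x:501:501:Oracle:/home/oracle:/bin/bash
jsmith:x:1001:100:J Smith:/home/jsmith:/bin/bash
akumar:x:1002:100::/home/akumar:/bin/bash
tempdba:x:1010:100::/home/tempdba:/bin/bash
"""
LDAP_SAMPLE = """\
jsmith:*:2001:100:J Smith:/home/jsmith:/bin/bash
akumar:*:1002:100::/home/akumar:/bin/bash
mlopez:*:1001:100::/home/mlopez:/bin/bash
"""

def parse_passwd(text):
    """Return {name: Entry}; skips blank, comment and malformed lines."""
    entries = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) != 7 or f[0].startswith("#") or not f[2].isdigit():
            continue
        # NSS returns the first match, so keep only the first entry per name.
        entries.setdefault(f[0], Entry(f[0], int(f[2]), f[6]))
    return entries

def audit(local_text, ldap_text, human_uid_min=1000):
    """Return sorted (kind, name, detail) findings for the local accounts."""
    local, ldap = parse_passwd(local_text), parse_passwd(ldap_text)
    findings = []
    for name, e in local.items():
        twin = ldap.get(name)
        if twin and twin.uid != e.uid:   # same login, different file ownership
            findings.append(("name-uid-mismatch", name, f"local {e.uid}, LDAP {twin.uid}"))
        elif twin:                       # local copy answers first and can drift
            findings.append(("shadowed", name, f"uid {e.uid} in both sources"))
        owners = sorted(n for n, l in ldap.items() if l.uid == e.uid and n != name)
        if owners:                       # two people share ownership of files
            findings.append(("uid-collision", name, f"uid {e.uid} is LDAP " + ",".join(owners)))
        interactive = not e.shell.endswith(("nologin", "false"))
        if not twin and e.uid >= human_uid_min and interactive:
            findings.append(("local-only-human", name, f"uid {e.uid} not in LDAP"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name, detail in audit(LOCAL_SAMPLE, LDAP_SAMPLE):
        print(f"{kind:18} {name:8} {detail}")
```

Run across all servers, the `local-only-human` findings are the accounts that a disable or password change in LDAP will not reach.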
01-14-2009 04:59 PM
Re: user management - LDAP and local files
file://localhost/home/obrodkin/.mozilla/firefox/opirgk71.default/ScrapBook/data/20081031170459/index.html#listing18
01-18-2009 06:48 AM
Re: user management - LDAP and local files
01-19-2009 06:48 AM
Re: user management - LDAP and local files
Google has a lot of info on this subject. I've never done it manually, SuSE supports this via installer.
Best Regards
Fredrik Eriksson