
LDAP problem

 
ivychung2
Frequent Advisor

LDAP problem

I have two Unix servers (e.g. Server A and Server B) and want to use LDAP to control the user profiles. Each of these servers has some databases and applications running. Assume I have set up Server A as the LDAP server. I do not fully understand how this works in practice; could anyone advise?

1. If the password is centralized at Server A, that means all users will log in to Server A first; could you advise how the user can use the application on Server B? Should I set up ssh for the users who want to use Server B?

2. How is the path shared between the servers?

Thanks in advance.
10 REPLIES
RAC_1
Honored Contributor

Re: LDAP problem

1. LDAP is a password management tool. What that means is that the password authentication is done on the server where the tool is installed. If you install LDAP on server A, the password authentication will be done from server A irrespective of which server you are logging onto. No need to log onto server A first and then onto server B. ssh is used for secure shell. It is the same as telnet except that the data transmission happens in a secure way.

2. What path?
There is no substitute to HARDWORK
Peter Godron
Honored Contributor

Re: LDAP problem

Hi,
please look at http://www.docs.hp.com/ for LDAP background reading first.

Can you also please read:
http://forums1.itrc.hp.com/service/forums/helptips.do?#28

0 points to 64 replies !
ivychung2
Frequent Advisor

Re: LDAP problem

Thanks for the reply,
"no need to log in to server A first": do you mean that if the user wants to use the application on Server B, he just logs in directly to Server B and LDAP will ask Server A to authenticate, am I right? Thanks.
RAC_1
Honored Contributor

Re: LDAP problem

You just log onto server B. The authentication process works in the background; it contacts server A and authenticates you.
There is no substitute to HARDWORK
ivychung2
Frequent Advisor

Re: LDAP problem

Thanks RAC,

but I have a query: do you think centralizing all user logins on server A is a good way? If all users log in to server A, and then I set up ssh to redirect the users to server B, the advantage is that the users do not need to remember which applications are on which server; they only log in to one single server (it seems very good if there are many servers), am I right? Thanks.
ivychung2
Frequent Advisor

Re: LDAP problem

Thanks for the reply,

what is the usual practice: should the user log in to Server A or log in directly to Server B (assume the user needs to use the application on Server B)? Please advise.
RAC_1
Honored Contributor

Re: LDAP problem

No need to log in to server A and from there to server B. After all, the use of a password management tool is for easy and effective management of users from a single point.
There is no substitute to HARDWORK
Steven E. Protter
Exalted Contributor

Re: LDAP problem

Shalom

LDAP can be used like NIS. You have a master server and a slave or two. So long as user logon uses the correct LDAP configuration, it will be authenticated.

It can be used to authenticate even Windows users.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
ivychung2
Frequent Advisor

Re: LDAP problem

Thanks for the reply,

you said "You have a master server and a slave or two"

Does that mean that if Server A (the LDAP server) has crashed, then the login will ask for authentication from Server B (assume Server B is a slave LDAP server), am I right? If yes, how is the password info synchronized between Server A and Server B? Thanks.
Ralph Grothe
Honored Contributor

Re: LDAP problem

You usually set up one master LDAP server and one or more replication servers.
Any updates (write accesses like ldapmodify) are done to the master server and then spread to the replication servers.
The synchronization of the replication servers is taken care of automatically but could as well be initiated by the directory admin.
As LDAP's main purpose is mostly read access, this is usually appropriate for user authentication and single sign-on.
If you put data in your directory that requires frequent updates (unlike an occasional change of password by a user), then better consider using a DBMS like MySQL, PostgreSQL, Informix, Oracle etc.
Madness, thy name is system administration