[PLUG] Openldap, should I use it???

drew wymore drew.wymore at gmail.com
Tue Jan 16 21:03:52 UTC 2007


On 1/14/07, someone <plug_0 at robinson-west.com> wrote:
>
> I'm planning to use PostgreSQL with horde and IMP.
>
> Question is, should I set up LDAP on the physical
> mail server?
>
> Can LDAP ease remote synchronization of web browsers?
> Say I want all my bookmarks in firefox without having
> to physically copy them from one machine to another.
>
> Does LDAP work if you want to have differing user
> accounts from one machine to the next?  For example,
> an RDBMS will only exist on 2 out of 3 servers and I
> don't want a postgres user on one of them.  I also
> like to vary the root password across these three
> servers so that someone guessing it only gets access
> to 1 and not all 3 machines.
>
> Does anyone know of a really good guide to help me decide
> if LDAP is something I should add or not to my network?




Hi Michael-
> It doesn't sound like given your specs that you'd want to use OpenLDAP.
> LDAP is like Active Directory in the Windows world. It allows
> synchronization of data across a network. You could run multiple instances
> of the LDAP daemon "slapd" on different machines which would meet your
> criteria but it's probably more hassle than it's worth setting up unless you
> wanted to share across the network from one master to slaves that would then
> have copies of the users from the master which also wouldn't meet your
> criteria for multiple root accounts.
>
> All the above being said you *could* run it in what I call hybrid mode.
> That is to say, I have global user accounts stored in LDAP and I have local
> accounts that I don't want replicated across stored in standard
> /etc/passwd<shadow> files on the local machines. I'm using the nsswitch *see
> http://www.padl.com*  method which I think is simpler than PAM IMHO but I
> think you're running in a PAM based environment so I'm not familiar enough
> to say whether or not the methods I use would work for you.
>
> I would be happy to work with you via chat/email if you'd like to talk
> further and need assistance in setting up a test environment. And I also
> have the OpenLDAP administrator's guide that you or anyone on the list is
> welcome to borrow if they'd like to read up on the ugly details of the
> protocol itself.
>
> Drew-
>
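
Added example, not part of the original message: a check that an nsswitch.conf really is in the "hybrid mode" described above, with local files consulted before LDAP so that a local account such as root always wins over a directory entry of the same name. The helper names `hybrid_status` and `check_hybrid` and both sample files are constructed for illustration; `files` and `ldap` are the standard NSS source names.

```shell
#!/bin/sh
# hybrid_status FILE DB: classify how DB (passwd, shadow, group) is resolved.
# Prints: hybrid (files before ldap), ldap-first, ldap-only, local-only,
# other, or missing (no line for DB).
hybrid_status() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db {
            f = 0; l = 0; n = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /=/) continue          # skip [STATUS=action] items
                n++
                if ($i == "files" && !f) f = n
                if ($i == "ldap"  && !l) l = n
            }
            if (f && l)  print (f < l ? "hybrid" : "ldap-first")
            else if (l)  print "ldap-only"
            else if (f)  print "local-only"
            else         print "other"
            found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# check_hybrid FILE: report each account database; return 0 only if all are hybrid.
check_hybrid() {
    rc=0
    for db in passwd shadow group; do
        st=$(hybrid_status "$1" "$db")
        printf '%-7s %s\n' "$db" "$st"
        [ "$st" = hybrid ] || rc=1
    done
    return $rc
}

# Constructed sample files (not taken from the thread).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.conf" <<'EOF'
passwd: files ldap
shadow: files ldap
group:  files ldap
EOF
cat > "$tmp/bad.conf" <<'EOF'
passwd: ldap [NOTFOUND=continue] files   # directory answers before /etc/passwd
shadow: files ldap
group:  files
EOF
check_hybrid "$tmp/good.conf" && echo "good.conf: local accounts take precedence"
check_hybrid "$tmp/bad.conf"  || echo "bad.conf: not a files-then-ldap setup"
```

On a real host, point `check_hybrid` at `/etc/nsswitch.conf`; an `ldap-first` result for `passwd` means a directory entry could override a local account of the same name.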


