Keith C. Perry on 25 Aug 2016 10:22:30 -0700


Re: [PLUG] Questions regarding LDAP and AD

I'm in the middle of designing a solution for this for a client that is using Zentyal but hasn't been happy with how features seem to have been disappearing in recent releases. We're concerned about their strategy and getting caught off guard because of issues with MS being involved.

That said, I was looking at ApacheDS but that was a bit messy and didn't feel like it was ready for prime time.

With Fedora Server, FreeIPA supposedly can be managed from Cockpit, but even the UI on Fedora 24 Server is not showing the proper components. Still, we're leaning that way because FreeIPA + Samba 4 would be a complete solution.

The problem there is that no one has confidence in Fedora Server staying stable enough for production, so I'm rebuilding in Ubuntu since FreeIPA is available in 16.04 LTS. Samba 4 of course is, but Cockpit is less so. It's also less critical, but it would be nice. I might just compile it if it's not too big a deal.

Not the most fun I've ever had but there needs to be a real alternative to Zentyal.

To that end, if anyone knows someone close to the Zentyal folks, I'd love to hear from them in regards to their future strategy and how much control or involvement Microsoft really has.


On Aug 25, 2016 12:38 PM, Tone Montone <> wrote:

I have an implementation question regarding LDAP and AD. 

I am looking for advice on a path forward for managing user accounts across about 500 Unix systems, which are comprised of a mixture of RHEL 5 and 6, and Solaris 10 and 11. There is also some OEL, which is basically RHEL 5, and some Suse sprinkled in. Currently, we are using local accounts, and I would like to move to a more streamlined/centralized method.

I need a solution that has a support package tied to it, as it's for a government installation and that is a mandatory requirement.  

I was thinking about using Red Hat Directory Server, which is basically 389-DS.  Having the AD server do a one-way sync to the DS, then have all the Unix systems point to the DS.  However, I read that in some instances you can have systems point directly to AD servers and get their authentication directly from the AD, so you don't need an LDAP intermediate server, but I am not sure it will work for all systems/OSes.  e.g. I read that you could use RHEL's IdM (Identity Manager) on RHEL 6, but I don't think this will work on RHEL 5.

I also thought about using LDAP for sudoers file management, as well as storing ssh public keys.

I installed 389-DS to do some testing, and I'm also looking at FreeIPA because it provides Kerberos, as well as Samba.

Any advice or experience anyone would like to share would be greatly appreciated.
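The question above raises keeping sudo rules in LDAP instead of a per-host sudoers file. The following is an added example, not code from either poster or from any of the products mentioned: it takes sudoRole entries in the standard sudoers LDAP schema shipped with sudo (objectClass sudoRole; attributes sudoUser, sudoHost, sudoCommand, sudoRunAsUser, sudoRunAsGroup, sudoOption, sudoOrder) and renders them as the equivalent sudoers lines, which is a handy way to review what a directory-backed sudo setup will actually grant on a given host before rolling it out. The LDIF sample, the dc=example,dc=gov base and the host and user names are constructed for illustration; the parser only handles plain (non-base64) attribute values.

```python
"""Render LDAP sudoRole entries as classic sudoers lines for review.

Added example: the LDIF below is constructed sample data, not a dump from a
real directory. Attribute names follow the sudoers LDAP schema that ships
with sudo (schema.OpenLDAP / schema.ActiveDirectory).
"""
from typing import Dict, List

# Constructed sample, shaped like `ldapsearch -LLL -b ou=SUDOers,...` output.
SAMPLE_LDIF = """\
dn: cn=dba_restart_db,ou=SUDOers,dc=example,dc=gov
objectClass: top
objectClass: sudoRole
cn: dba_restart_db
sudoUser: %dba
sudoHost: db-prod-01
sudoHost: db-prod-02
sudoRunAsUser: oracle
sudoCommand: /sbin/service oracle restart
sudoOption: !authenticate

dn: cn=ops_all,ou=SUDOers,dc=example,dc=gov
objectClass: top
objectClass: sudoRole
cn: ops_all
sudoUser: alice
sudoUser: bob
sudoHost: ALL
sudoCommand: ALL
sudoOrder: 10
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Split LDIF into entries; each entry maps attribute -> list of values.

    Handles blank-line separation, '#' comments and folded continuation
    lines (leading space). Base64 ('::') values are out of scope here.
    """
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    last_attr = None
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current, last_attr = {}, None
            continue
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last_attr:  # folded continuation line
            current[last_attr][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        last_attr = attr.strip()
        current.setdefault(last_attr, []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def to_sudoers(entry: Dict[str, List[str]]) -> str:
    """Translate one sudoRole entry into sudoers syntax:
    User_List Host_List = (RunAs) [NOPASSWD:] Cmnd_List
    """
    users = ", ".join(entry.get("sudoUser", []))
    hosts = ", ".join(entry.get("sudoHost", ["ALL"]))
    runas = ", ".join(entry.get("sudoRunAsUser", ["root"]))
    groups = entry.get("sudoRunAsGroup")
    if groups:
        runas += " : " + ", ".join(groups)
    # sudoOption holds the same flags as sudoers Defaults/tags;
    # "!authenticate" is the LDAP spelling of the NOPASSWD tag.
    tag = "NOPASSWD: " if "!authenticate" in entry.get("sudoOption", []) else ""
    cmds = ", ".join(entry.get("sudoCommand", []))
    return f"{users} {hosts} = ({runas}) {tag}{cmds}"


def render_all(text: str) -> List[str]:
    """All sudoRole entries as sudoers lines, sorted ascending by sudoOrder
    (missing sudoOrder counts as 0), mirroring the order sudo applies them."""
    roles = [e for e in parse_ldif(text) if "sudoRole" in e.get("objectClass", [])]
    roles.sort(key=lambda e: int(e.get("sudoOrder", ["0"])[0]))
    return [to_sudoers(e) for e in roles]


def rules_for_host(text: str, host: str) -> List[str]:
    """Only the rules a given host would honour: sudoHost is ALL or names it."""
    roles = [e for e in parse_ldif(text) if "sudoRole" in e.get("objectClass", [])]
    roles.sort(key=lambda e: int(e.get("sudoOrder", ["0"])[0]))
    return [to_sudoers(e) for e in roles
            if "ALL" in e.get("sudoHost", ["ALL"]) or host in e.get("sudoHost", [])]


def passwordless_all(text: str) -> List[str]:
    """Names (cn) of roles granting 'ALL' commands without authentication,
    the combination a reviewer would want flagged before deployment."""
    hits = []
    for e in parse_ldif(text):
        if ("ALL" in e.get("sudoCommand", [])
                and "!authenticate" in e.get("sudoOption", [])):
            hits.extend(e.get("cn", ["?"]))
    return hits


if __name__ == "__main__":
    for line in render_all(SAMPLE_LDIF):
        print(line)
    print("on db-prod-02:", rules_for_host(SAMPLE_LDIF, "db-prod-02"))
    print("passwordless ALL roles:", passwordless_all(SAMPLE_LDIF))
```

The rendered lines are only a review aid; on the clients themselves sudo reads these entries through its own LDAP support (or through sssd's sudo provider), so nothing here needs to be copied into /etc/sudoers.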



Philadelphia Linux Users Group         --