[wellylug] LDAP info

nic nic at tymar.com
Tue Sep 18 04:35:13 NZST 2007


There's a bunch of users with Windows desktops, a Windows 2003 server, a Linux box with 
postfix and squid, people currently have separate passwords for logging on to Windows, in 
to mail, and on to squid. In addition some people have passwords for specialised network 
devices, and/or browser-based apps on some apache servers (typically written in PHP or 
Python, with source available), PPTP access and probably a million other things I've 
forgotten.

LDAP is the thing that comes to mind when I think about ways of trying to manage this 
complexity and move towards a single sign on, (preferably using PKI rater than passwords, 
but that's another step). Trouble is, I don't really even know the questions to ask to get 
me on the way, hence the ill-defined nature of the original post.

Does LDAP sound like the right type of tool to use in this case? Is it better to use the 
Windows AD LDAP, or a separate server? Am I being naive in thinking it would be possible 
to get down to a single authentication system and a single password/key for the majority 
of users? has anyone out there done this sort of thing and are they willing to sell/give 
some advice?

Nic

Cliff Pratt wrote:
> nic wrote:
>> Hi people
>>
>> What's a good book (or other info) on how to implement LDAP for
>> enterprise authentication? I'm particularly interested in how to tie
>> it in with Windows
>>
> Windows Active Directory contains an LDAP server. Do you want to use 
> that for authentication? Or do you want to authenticate Windows users 
> using LDAP in a workgroup situation?
> 
> Cheers,
> 
> Cliff
> 
> 




More information about the wellylug mailing list