Authenticating to Unix Systems with eDirectory and LDAP
Novell Cool Solutions: Feature
By Barry Fausnaugh, Britt Courtney
Posted: 20 Jun 2002
An excellent AppNote piece that describes a consulting project to allow users of UNIX systems running Sun Solaris to authenticate to Novell eDirectory via LDAP. It provides both design and implementation details that can be adapted for use in similar projects.
Here's a bite:
This AppNote describes a project that was undertaken to implement a solution to allow Solaris UNIX systems to consume user account and group information from Novell eDirectory using Lightweight Directory Access Protocol (LDAP).
By integrating the necessary Solaris user and group information with the corresponding user information in eDirectory, you create a single point of user and group management which can:
- Simplify account administration by allowing user administration to be performed from a single location.
- Secure user credentials by requiring users to use credentials only from eDirectory. Since only one set of credentials is used for both the NetWare/LAN and Solaris environments, a password change on one system is immediately reflected on the other system.
- Accelerate user provisioning to the integrated systems. Since user credentials are stored in eDirectory, provisioning of user access to multiple Solaris systems can be integrated into existing user management procedures.
Implementing this solution involves three main steps: extending the eDirectory schema, implementing the LDAP PAM and NSS modules on the Solaris systems, and modifying the configuration files on the Solaris system.
This AppNote first details the design specifications in terms of the Solaris requirements and the eDirectory requirements. It then covers the actual implementation guidelines and procedures used to accomplish the project.