LDAP for Linux and Unix Clients

Overview

This discussion covers setting up Linux and Unix clients to use LDAP as an authentication and authorization source for non-privileged users.

We deliberately treat Privileged User Management (PUM) separately from non-privileged users, as the two are quite different and we feel they should be handled differently.

This subject, like a lot of technical subjects, is complex in that it involves many different, relatively simple processes, and, as is often the case, there are many different methods to accomplish the same end goal. If you have a better idea or comment, we welcome the opportunity to learn more.

What to Modify

There are several files that may need to be modified either by hand or through one of the various GUI configuration utilities available on Linux and Unix platforms.

While we attempted to identify the Linux and Unix platforms when describing the various operations, where no platform is mentioned it was probably the SuSE Enterprise platform, as that is the platform we are most familiar with. Further, as things never stay the same, you need to do your own due diligence and do not even think of blaming us.

Most *NIX distributions use Pluggable Authentication Modules (PAM) for authentication and authorization of their clients. All(?) major distributions have at least "loosely" standardized on the Linux Kernel Project's PAM implementation.

This is not meant to imply that there are no other leaders in this subject area. Certainly SUN and HP have contributed a great deal to Pluggable Authentication Modules and in many ways have stayed ahead of the Linux Kernel Project's implementation.

The following sub-systems need to be configured to allow authentication and authorization for Linux and Unix Clients from LDAP:

LDAP Client Configuration

There is no "standard" LDAP Client Configuration for *NIX that we have found.

More Information

There might be more information for this subject on one of the following: