Re: LDAP authentication on a remote server (via ldaps://) [SOLVED]



On Thu, 7 Oct 2010, Mathieu Baudier wrote:

>> You can also use StartTLS over the network and LDAPI (connection 
>> over Unix sockets, which are inherently secure) for apps running on 
>> the server. I use it, both with OpenLDAP and 389 Directory Server 
>> (a.k.a. Fedora DS, Red Hat DS).
>
> Unfortunately, I have a whole LAN whose user/group/auth management 
> is centralized with LDAP (each server having different apps). So I 
> need plain LDAP access on the LAN.

One possible solution is to have the main LDAP server addressable only 
via STARTTLS and a non-SSL, read-only slave on a different host that's 
visible only to your LAN.

Read up on the "syncrepl" directive for use in slapd.conf.

The slave could even exist in a VM hosted on the main LDAP server, 
since it's a very lightweight service.

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
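
The setup suggested in the message above, as an added example that is not part of the original post: slapd.conf fragments for a StartTLS-only provider and a plain-LDAP syncrepl consumer for the LAN. The hostname, suffix, DNs, file paths and credential are placeholders, and the schema includes and ACLs are assumed to exist already.

```conf
# ---- Provider (main LDAP server): slapd.conf fragment ----
# All names, paths and the suffix below are placeholders.
TLSCACertificateFile    /etc/openldap/certs/ca.pem
TLSCertificateFile      /etc/openldap/certs/ldap-master.pem
TLSCertificateKeyFile   /etc/openldap/certs/ldap-master.key

# Refuse operations on connections that have not negotiated TLS,
# so clients have to issue StartTLS before they bind or search.
security tls=1

database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
directory   /var/lib/ldap
index       entryCSN,entryUUID eq

# The replication identity must be able to read every entry and
# attribute it replicates (ACLs not shown) without size/time limits.
limits dn.exact="cn=replicator,dc=example,dc=com" size=unlimited time=unlimited

# Serve changes to syncrepl consumers.
overlay     syncprov
syncprov-checkpoint 100 10

# ---- Consumer (read-only slave on the LAN): slapd.conf fragment ----
# No "security" directive here: LAN clients use plain LDAP.
# Limiting reachability to the LAN is done with the listener address
# and the host firewall, not in this file.
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
directory   /var/lib/ldap
index       entryCSN,entryUUID eq

# Pull from the provider. starttls=critical makes the replication
# session fail instead of falling back to cleartext if TLS setup fails.
# A database with syncrepl configured is a shadow copy, so slapd
# rejects client writes to it (no updateref is set here).
syncrepl rid=001
    provider=ldap://ldap-master.example.com
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=example,dc=com"
    bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com"
    credentials=REPLACE_ME
    starttls=critical
    tls_cacert=/etc/openldap/certs/ca.pem
```

Because the consumer answers simple binds in cleartext, passwords sent to it cross the LAN unencrypted; the replication link itself is protected by StartTLS.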

