[CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]
Paul Heinlein
heinlein at madboa.com
Thu Oct 7 17:05:58 UTC 2010
On Thu, 7 Oct 2010, Mathieu Baudier wrote:
>> You can also use StartTLS over the network and LDAPI (connection
>> over Unix sockets, which are inherently secure) for apps running on
>> the server. I use it, both with OpenLDAP and 389 Directory Server
>> (a.k.a. Fedora DS, Red Hat DS).
>
> Unfortunately, I have a whole LAN whose user/group/auth management
> is centralized with LDAP (each server having different apps). So I
> need plain LDAP access on the LAN.
One possible solution is to have the main LDAP server addressable only
via STARTTLS and a non-SSL, read-only slave on a different host that's
visible only to your LAN.
Read up on the "syncrepl" directive for use in slapd.conf.
The slave could even exist in a VM hosted on the main LDAP server,
since it's a very lightweight service.
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
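A slapd.conf sketch of the setup Paul describes, added here as an example (not from the thread, and not OpenLDAP's own sample configuration): the main server refuses unprotected sessions and publishes changes through the syncprov overlay, while the LAN slave pulls a copy with syncrepl over STARTTLS and stays read-only. Hostnames, DNs, file paths and the replicator credentials are placeholders.

```conf
### /etc/openldap/slapd.conf on the MAIN server (provider) ###
# Hostnames, DNs, paths and passwords below are assumed placeholders.
TLSCACertificateFile   /etc/openldap/cacerts/ca.pem
TLSCertificateFile     /etc/openldap/certs/ldap-master.pem
TLSCertificateKeyFile  /etc/openldap/certs/ldap-master.key

# Refuse every operation on a session with less than 128-bit protection.
# Plain ldap:// connections must issue STARTTLS before they can bind or
# search; ldapi:// sessions on the box are granted that strength locally.
security ssf=128
localSSF 128

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
directory       /var/lib/ldap

# Replication account: read-only, including userPassword, so the slave
# can answer authentication requests on its own.
access to *
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by * break

# Publish the change log that syncrepl consumers poll or subscribe to.
overlay         syncprov
syncprov-checkpoint 100 10

### /etc/openldap/slapd.conf on the LAN-facing SLAVE (consumer) ###
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
directory       /var/lib/ldap

# Pull a full copy from the master over STARTTLS. "critical" means the
# replication session is torn down rather than falling back to cleartext
# if the TLS handshake fails; tls_reqcert=demand makes the slave verify
# the master's certificate against the shared CA.
syncrepl rid=001
        provider=ldap://ldap-master.example.com
        type=refreshAndPersist
        retry="60 10 300 +"
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLACE_WITH_REPLICATOR_PASSWORD
        starttls=critical
        tls_cacert=/etc/openldap/cacerts/ca.pem
        tls_reqcert=demand

# A consumer database is read-only to clients; write attempts are
# answered with a referral to the master instead of being applied.
updateref       ldap://ldap-master.example.com
```

LAN clients get plain ldap:// against the slave only; anything that must write goes to the master and therefore has to speak STARTTLS.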