SCIENTIFIC-LINUX-USERS Archives

January 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Brett Viren <[log in to unmask]>
Date: Wed, 14 Jan 2009 11:32:57 -0500

Michael Hannon <[log in to unmask]> writes:

> Greetings.  We're exploring the use of OpenLDAP as an authentication
> service on an SL 5.2 system (i386).  (Yea, I know: welcome to the 20th
> century.)  We'd like to be able to use it to enable logins via ssh,
> among other things.
>
> If you have a recipe for doing such things, will you please send me a
> pointer to it?  Thanks.

Yes, I do this for my group's workstations and department's servers.  

I run a predominantly Debian environment, but besides the exact names
of the packages you need to install, my notes should be fairly general
and apply to an SL based install.  You can take a look here:

http://www.phy.bnl.gov/computing/index.php/Ldap_Authentication_Server

For me the trickiest part was getting the client PAM config correct in
order to support "pam_check_host_attr" so as to limit who can log into
what machine.  Almost all instructions I read, at that time, simply
got this wrong.


I have also developed some Python code to manage LDAP for this purpose
and have customized things to integrate am-util's automounter and
puppet configuration management.  If you (or others) are interested in
any of this let me know and I can elaborate.

-Brett.
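The host check Brett refers to is the `pam_check_host_attr yes` setting in the pam_ldap client configuration: pam_ldap compares the user's `host` attribute values (defined by the cosine `account` object class) with the local hostname during account management, so `pam_ldap.so` has to be present in the PAM `account` stack and not only in `auth`, otherwise the restriction is silently never applied. The script below is an added example, not code from the post or from Brett's notes page, and it models that decision offline so that an administrator can audit who a given workstation would admit before deploying the PAM change. The LDIF, users and hostnames are constructed; the case-insensitive hostname comparison is an assumption of this model.

```python
"""Model of pam_ldap's pam_check_host_attr decision over LDIF entries.

Added example (not from the mailing-list post or from pam_ldap itself).
The sample LDIF below is constructed; users and hostnames are fictitious.
"""
import re

# Constructed sample directory export: three POSIX users with different
# `host` attribute values (attribute defined by the cosine `account` class).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: alice
host: ws01.example.org
host: ws02.example.org

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: bob
host: *

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: carol
"""


def parse_ldif(text):
    """Minimal LDIF parser: returns {dn: {attr: [values]}}.

    Handles blank-line-separated entries, repeated attributes and
    continuation lines (leading space). No base64 (`::`) support, which
    is enough for a text-only export like SAMPLE_LDIF.
    """
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        # Join continuation lines before splitting into attribute lines.
        lines = block.replace("\n ", "").splitlines()
        attrs = {}
        for line in lines:
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dn = attrs.pop("dn")[0]
        entries[dn] = attrs
    return entries


def host_ok(entry, hostname):
    """pam_check_host_attr decision for one user entry:

    - each `host` value is compared with the client's hostname;
    - the value "*" matches every host;
    - an entry with no `host` attribute is denied (fail closed).
    Case-insensitive comparison is an assumption of this model.
    """
    allowed_hosts = entry.get("host", [])
    return any(h == "*" or h.lower() == hostname.lower() for h in allowed_hosts)


def who_can_login(entries, hostname):
    """Audit helper: sorted uids that the host check would admit on `hostname`."""
    return sorted(
        attrs["uid"][0]
        for attrs in entries.values()
        if "uid" in attrs and host_ok(attrs, hostname)
    )


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for host in ("ws01.example.org", "WS02.example.org", "srv01.example.org"):
        admitted = ", ".join(who_can_login(directory, host)) or "(nobody)"
        print(f"{host}: {admitted}")
```

Run against a real `ldapsearch -LLL` export of the People subtree, the same audit shows which accounts carry a `host: *` wildcard (effectively unrestricted) and which have no `host` attribute at all and would be locked out of every machine the moment `pam_check_host_attr yes` takes effect.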
