To create a robust, highly available directory service, 2 servers are configured at one site and 2 more at a secondary site.
There are many uses and advantages to using LDAP as a naming service over NIS or individually managed servers:
- Centralized administration of users who log in to AIX, Linux, and Solaris servers and workstations
- Groups of users can be created and managed in a centralized repository
- Password policies governing user passwords are centralized and enforced
- Netgroups can be used to restrict user access to specified servers and workstations
- Policies governing inactive users
- Repository provides high failover capability and high availability
- Directory Server version 6.0 is installed on the four directory servers, which run the Solaris 10 OS with all the required patches.
- SSL will be used for all communication between the directory servers and between the directory servers and the AIX, Linux, and Solaris OS clients.
- There is no existing NIS/NIS+ environment.
- You will consolidate user data from the local `/etc/passwd` and `/etc/group` files on all native LDAP clients, and you will enforce `uidNumber` uniqueness.
- The `pam_ldap` Solaris pluggable authentication module (PAM) is used exclusively for directory users and account management.
- Netgroups will be used to control user access to any server managed by the Directory Server naming service.
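
Consolidating local `/etc/passwd` files only works if each `uidNumber` ends up mapped to exactly one login; otherwise one user inherits another's file ownership once both resolve through the directory. The following is an added example, not code from the original article, that checks collected passwd files for both kinds of collision before import. The host names, sample entries, and the `min_uid` cutoff of 100 for skipping system accounts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: passwd-format text collected from three hypothetical clients.
SAMPLE = {
    "aix01": "root:!:0:0::/:/usr/bin/ksh\n"
             "alice:!:1001:100:Alice:/home/alice:/usr/bin/ksh\n",
    "linux01": "root:x:0:0:root:/root:/bin/bash\n"
               "bob:x:1001:100:Bob:/home/bob:/bin/bash\n"
               "alice:x:1001:100:Alice:/home/alice:/bin/bash\n",
    "sol01": "root:x:0:0:Super-User:/:/sbin/sh\n"
             "carol:x:1002:100:Carol:/export/home/carol:/bin/ksh\n"
             "bob:x:1005:100:Bob:/home/bob:/bin/ksh\n",
}

def parse_passwd(text):
    """Yield (login, uid) pairs; skip comments, +/- compat entries, malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def find_conflicts(sources, min_uid=100):
    """Return (uid_conflicts, name_conflicts) across all hosts.

    uid_conflicts:  uid -> {login: [hosts]}, one uidNumber used by several logins.
    name_conflicts: login -> {uid: [hosts]}, one login with several uidNumbers.
    """
    by_uid = defaultdict(lambda: defaultdict(list))
    by_name = defaultdict(lambda: defaultdict(list))
    for host, text in sorted(sources.items()):
        for login, uid in parse_passwd(text):
            if uid < min_uid:  # assumption: system accounts are not migrated
                continue
            by_uid[uid][login].append(host)
            by_name[login][uid].append(host)
    uid_conflicts = {u: dict(m) for u, m in by_uid.items() if len(m) > 1}
    name_conflicts = {n: dict(m) for n, m in by_name.items() if len(m) > 1}
    return uid_conflicts, name_conflicts

if __name__ == "__main__":
    uid_conflicts, name_conflicts = find_conflicts(SAMPLE)
    for uid, logins in sorted(uid_conflicts.items()):
        print(f"uidNumber {uid} shared by: {logins}")
    for login, uids in sorted(name_conflicts.items()):
        print(f"login {login} has several uidNumbers: {uids}")
```

Both result sets need to be empty before the merged data is loaded into the directory; each remaining entry names the hosts where a UID has to be renumbered and file ownership fixed.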
The article is presented in the following four parts: