LDAP can be very difficult to learn if you are just starting out with it, but also very powerful. There may be other faster solutions than a manual setup, but I found that I learned the most by doing all of it manually. On Red Hat based systems, I believe their IPA solution is quite good. It uses LDAP and Kerberos and does most of the legwork for you. I have no idea if any of that is compatible with Debian based systems (I don't think it is).

Anyway here are a lot of the resources I used when learning, configuring, and setting up my authentication system:

* http://debian-handbook.info/browse/wheezy/sect.ldap-directory.html
* http://ubuntuforums.org/showthread.php?t=1421998
* http://www.openldap.org/lists/openldap-technical/201401/msg00140.html
* https://help.ubuntu.com/community/GnuTLS
* https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/115967
* https://help.ubuntu.com/community/OpenLDAPServer
* http://www.openldap.org/doc/admin24/guide.html
* https://help.ubuntu.com/community/Kerberos
* http://www.openldap.org/lists/openldap-technical/201201/msg00140.html
* slapd-config(5)
* http://www.zytrax.com/books/ldap/ <http://www.zytrax.com/books/ldap/ch6/#security>
* http://www.zytrax.com/books/ldap/ch7/#overview
* http://www.zytrax.com/books/ldap/ape/config.html#olcsyncprovconfig
* http://www.cyberciti.biz/faq/how-do-i-rotate-log-files/
* https://www.ietf.org/rfc/rfc2307.txt
* https://tools.ietf.org/id/draft-howard-rfc2307bis-02.txt

There's plenty more out there as well. If you want I can send you my own setup guide, which I built over the years from all these resources (and probably many more I never recorded), just keep in mind that doc is specific to myself and my business and it involves setting up OpenLDAP not just for authentication but for almost anything. I also don't use OpenLDAP for authentication only authorization. I use MIT Kerberos for auth (which uses OpenLDAP as its backend).

To be more specific to your question of "good resources" I would say as a subset of all the links above the below are the best ones to start with:

* http://debian-handbook.info/browse/wheezy/sect.ldap-directory.html
* https://help.ubuntu.com/community/OpenLDAPServer
* http://www.zytrax.com/books/ldap/

As one last suggestion/comment/remark, I would suggest setting up OpenLDAP as your implementation of LDAP and would use PPolicy to authn/authz over TLS. If you don't want to send passwords over the wire then use Kerberos for the authentication component.

Thanks,
Joshua Schaeffer

On 02/25/2017 03:16 PM, bri...@aracnet.com wrote:
I need to set up some sort of password server for a small network so that I don't have to set up accounts on every machine. It looks like LDAP is the best way to do that. Is it? I've been looking at the LDAP how-to's and even tried to turn things on using one of them, but I can't quite get things working. Can someone point me to a good resource as to how to make it work? Thanks!