Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Suggestions
  4. Topic: LDAP Authentication
« previous next »
Pages: [1]   Go Down

LDAP Authentication

  • 3 Replies
  • 1672 Views

Joe Frost

LDAP Authentication
« on: February 26, 2001, 05:25:41 PM »
Hi,

I've just been looking at E-Smith 4.1.1 after downloading the CD image and installing. I'm very impressed.

Around six months ago I went through a similar exercise and ended up with my own version of E-Smith (I wasn't aware of E-Smith at the time) built from hand picked pieces of open source software running on RedHat 6.2

I very much like the idea of E-Smith and it's simple install and configuration but it lacks some of the features of my own system and this makes E-Smith less effective in the enterprise.

One of the best things about LDAP is that you can have single usernames and passwords distributed throughout all of your LDAP capable servers in the enterprise either replicated locally or simply pointed to another server.

I've looked at the data held in the E-Smith directory and it's clear that this is only intended for address-book style uasge and that the system employs a shadow password type method.

I'm aware that there are compromises when using LDAP for authentication such as Samba having to use plain text passwords unless you maintain a separate smbpassword file (E-Smith appears to do this anyway).

But to my mind the advantages of being able to maintain a single username/password for all services for each user throughout the organisation are enourmous.

Is there any intention to add this to a future release?

If so then I will certainly replace our Netware, NT, and hand-made Linux servers with E-Smith.

Thanks for the excellent product.

Joe Frost
IS Engineer
Omnis Software Ltd
Logged

Charlie Brady

Re: LDAP Authentication
« Reply #1 on: February 26, 2001, 07:12:03 PM »
Joe Frost wrote:

> One of the best things about LDAP is that you can have single
> usernames and passwords distributed throughout all of your
> LDAP capable servers in the enterprise either replicated
> locally or simply pointed to another server.

...

> Is there any intention to add this to a future release?

It is something that I am quite interested in building into a future release. However we are accumulating an extensive wish list, but still have only limited development resources.

Priorities in the TODO list are, of course, adjusted according to the wishes of our customers and partners.

Regards

Charlie
Logged

Fred Hage

Re: LDAP Authentication
« Reply #2 on: March 09, 2001, 03:22:25 PM »
To use the LDAP services as the central authentication database will be the real MS-backoffice/Exchange killer for e-smith. Also security-key management should be done by LDAP! Please move the LDAP up in the prioritylist.

Fred
Logged

Nathan Sain

Re: LDAP Authentication
« Reply #3 on: April 07, 2001, 02:54:36 AM »
I have to agree.  LDAP as a central password database makes sense for E-Smith.  First, it is already there and ready to be used.  Second, many of the services (Apache, Qmail, Proftpd) E-Smith uses already have ldap support for them, allowing for very robust virtual domain configurations.  Third, the  PAM and NSS modules for LDAP have been tested and used in production envroments for some time so there no question about the stability of such services.  Forth, many of the portal/group systems have, or intend, to support LDAP for account information.  Even Samba is on the LDAP bandwagon.  I'd love to see LDAP in the next feature release of E-Smith.

Nathan Sain
Deer High School IT Dpt.
Deer AR
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Suggestions
  4. Topic: LDAP Authentication