chavi1011
asked on
LDAP server set up question
I am not an LDAP expert, so I need assistance setting up the LDAP server. I have a single LDAP server running RHEL 6.5. The machines that need to use this LDAP server for authentication can be classified into the following groups -
Org 1 - Cluster 1 (m/c 1, m/c 2, m/c 3, m/c 4) , Cluster 2 (m/c 5, m/c 6, m/c 7), m/c 8
Org 2 - Cluster 3 (m/c 9, m/c 10, m/c 11, m/c 12) , Cluster 4 (m/c 13, m/c 14, m/c 15), m/c 16
Org 3 - Cluster 5 (m/c 17, m/c 18, m/c 19, m/c 20)
A little more details on this set up -
Org 1, Org 2 and Org 3 are considered to be separate group of companies or departments.
Org 1, Org 2 and Org 3 may share the same users (I don’t mind if the users are stored as two different users in LDAP under different orgs).
Each m/c in the above configuration runs RHEL 6.5.
And when I mean a cluster of machines for e.g. m/c 1, m/c 2, m/c 3 and m/c 4 consider this as a single app such as Hadoop or Pentaho, so if a user is granted access to this cluster then the user should have access to all the four machines.
Apart from the cluster of machines the set up will also contain individual machines like m/c 8 and m/c 16.
The level of access that needs to be controlled is at an Org -> Cluster level. For e.g. let's say a user 1 belongs to Org 1, if he is granted access to Cluster 1, then that person should only be able to log in to m/c 1, m/c 2, m/c 3 and m/c 4. Machines 5 - 8 should remain inaccessible to user 1.
What is the best practice to implement such a setup? I have to keep all the authentication in one LDAP server.
ASKER
m/c (machine) stands for a RHEL 6.5 Linux machine. I am not worried about the cost as well.
ASKER
Thanks. The guide has all the details.
It is a bit lengthy, but still much better than sticking PAM manuals together
Using RHEL 6.5 will be expensive as you need an EUS subscription, not the normal one.