I am not an LDAP expert, so I need help setting up the LDAP server. I have a single LDAP server running RHEL 6.5. The machines that need to use this LDAP server for authentication can be classified into the following groups -
Org 1 - Cluster 1 (m/c 1, m/c 2, m/c 3, m/c 4) , Cluster 2 (m/c 5, m/c 6, m/c 7), m/c 8
Org 2 - Cluster 3 (m/c 9, m/c 10, m/c 11, m/c 12) , Cluster 4 (m/c 13, m/c 14, m/c 15), m/c 16
Org 3 - Cluster 5 (m/c 17, m/c 18, m/c 19, m/c 20)
A few more details on this setup -
Org 1, Org 2 and Org 3 are considered to be separate groups of companies or departments.
Org 1, Org 2 and Org 3 may share the same users (I don't mind if the users are stored as two different users in LDAP under different orgs).
Each m/c in the above configuration runs RHEL 6.5.
And when I say a cluster of machines, e.g. m/c 1, m/c 2, m/c 3 and m/c 4, consider this as a single app such as Hadoop or Pentaho, so if a user is granted access to this cluster then the user should have access to all four machines.
Apart from the clusters of machines, the setup will also contain individual machines like m/c 8 and m/c 16.
The level of access that needs to be controlled is at an Org -> Cluster level. For example, let's say user 1 belongs to Org 1; if he is granted access to Cluster 1, then that person should only be able to log in to m/c 1, m/c 2, m/c 3 and m/c 4. Machines 5 - 8 should remain inaccessible to user 1.
What is the best practice to implement such a setup? I have to keep all the authentication in one LDAP server.
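One way to lay this out, as an added example that is not part of the question: one posixGroup per cluster (or standalone machine) under each org's OU, and SSSD on every node configured with the `simple` access provider so only that node's cluster group may log in. The suffix `dc=example,dc=com`, the host names `mc1`..`mc20`, the gidNumbers and the user names are assumed/constructed.

```python
# Added example (not from the post): one posixGroup per cluster in a single
# OpenLDAP tree; SSSD on each RHEL node admits only that node's group.
# BASE_DN, host names, gidNumbers and user names are assumed/constructed.
BASE_DN = "dc=example,dc=com"  # assumed directory suffix

# Layout from the question: org -> cluster -> hosts (a standalone box is a 1-host cluster).
LAYOUT = {
    "org1": {"cluster1": ["mc1", "mc2", "mc3", "mc4"],
             "cluster2": ["mc5", "mc6", "mc7"], "mc8": ["mc8"]},
    "org2": {"cluster3": ["mc9", "mc10", "mc11", "mc12"],
             "cluster4": ["mc13", "mc14", "mc15"], "mc16": ["mc16"]},
    "org3": {"cluster5": ["mc17", "mc18", "mc19", "mc20"]},
}
# Constructed grants: user1 gets org1/cluster1 and org2/cluster3, user2 only cluster3.
MEMBERS = {("org1", "cluster1"): ["user1"], ("org2", "cluster3"): ["user1", "user2"]}

def group_cn(org, cluster):
    # cn must be unique tree-wide because SSSD matches simple_allow_groups by name.
    return "%s-%s" % (org, cluster)

def host_group(host):
    """Return the (org, cluster) whose group gates logins on this host."""
    for org, clusters in LAYOUT.items():
        for cluster, hosts in clusters.items():
            if host in hosts:
                return org, cluster
    raise KeyError("unknown host %s" % host)

def groups_ldif(first_gid=10000):
    """LDIF adding one posixGroup per cluster under ou=Groups,ou=<org>,BASE_DN."""
    out, gid = [], first_gid
    for org, clusters in LAYOUT.items():
        for cluster in clusters:
            cn = group_cn(org, cluster)
            out.append("dn: cn=%s,ou=Groups,ou=%s,%s" % (cn, org, BASE_DN))
            out += ["objectClass: posixGroup", "cn: " + cn, "gidNumber: %d" % gid]
            out += ["memberUid: " + u for u in MEMBERS.get((org, cluster), [])]
            out.append("")  # blank line separates LDIF entries
            gid += 1
    return "\n".join(out)

def sssd_access_lines(host):
    """[domain/...] lines for /etc/sssd/sssd.conf on `host`: SSSD denies every
    user who is not in this host's cluster group, so mc5-mc8 stay closed to user1."""
    org, cluster = host_group(host)
    return ["access_provider = simple", "simple_allow_groups = " + group_cn(org, cluster)]

def allowed_hosts(user):
    """Hosts `user` should be able to reach under MEMBERS (the policy to enforce)."""
    return {h for (org, c), users in MEMBERS.items() if user in users for h in LAYOUT[org][c]}
```

Load the LDIF with `ldapadd` once, then put the two lines from `sssd_access_lines(<hostname>)` into the `[domain/...]` section of each node's sssd.conf; the user and group trees themselves still need `ou=People`/`ou=Groups` entries and an `id_provider = ldap` domain, which this example does not generate.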