recommend secure & efficient Unix LDAP (equiv of Windows AD)
Posted on 2016-08-15
UNIX ID Management/Administration is one of the most tedious jobs since we have to log in interactively to each of the servers when there is a request to create/delete a sysadmin (or apps support) user in the hundreds of Unix servers.
We have AIX, Sparc Solaris 10 & 11 & a few Solaris Intel & a few RHEL : almost all of them are physical ie non-VM.
Our compliance privileged user management & access tool is CyberArk (ie sysadmins have to go thru it)
A few options:
a) have a centralized tool like HPSA or Nagios from which we could centrally send a "useradd" or "userdel" command to the servers : but this is not as good as a wintel AD-like solution because accounts are still locally created & every 60-90 days the owners have to log in manually to change the password.
Also, in Solaris, root accounts that expire will cause root cron jobs to fail
b) years ago I heard of Sun's NIS+ solution but this can't be used with AIX & RHEL or can it?
c) solution must not have an adverse impact on or be unwieldy for apps like Oracle DB, Oracle Financials,