[389-users] Do I need separate directory instances for Linux authentication and (for example) IMAP authentication?

Ray ray at renegade.zapto.org
Thu Aug 16 16:33:56 UTC 2012


Hi,

I posted this before without getting a response. I think the question 
is super simple to answer for LDAP experts. I'll try to rephrase the 
question (in case it was unclear before…)

I've been googling quite a while on this topic trying all sorts of 
keyword combinations and found exactly nothing.

LDAP appears to be commonplace, almost every server software I can 
think of comes with an LDAP authentication module. The services that use 
the directory may need to have different user bases (i.e. not every Linux 
user needs to be an IMAP user also and not every IMAP user should 
automatically be able to SSH into servers).

What is the right way to achieve the above?

1) Have separate LDAP instances running, one for IMAP, the other one 
for Linux authentication. As there are some users that need both IMAP 
and Linux access, some users would need to be set up twice.

2) Have all users in one LDAP instance, and have different sets of 
attributes for IMAP and Linux authentication. Those users with IMAP 
access have their IMAP attributes filled in and those with Linux logins 
have their posix account settings filled with values. Some would have 
both. I do not see how to assign different passwords for the two 
services for this option. Is there a way?

Are there any other options?


Cheers,
Ray
