[389-users] Do I need separate directory instances for Linux authentication and (for example) IMAP authentication?
Rich Megginson
rmeggins at redhat.com
Thu Aug 16 19:09:54 UTC 2012
On 08/16/2012 10:33 AM, Ray wrote:
> Hi,
>
> I posted this before without getting a response. I think the question
> is super simple to answer for LDAP experts. I'll try to rephrase the
> quiestion (in case it was unclear beforeā¦)
>
> I've geen googling quite a while on this topic trying all sorts of
> keyword combinations and found exactly nothing.
>
> LDAP appears to be commonplace, almost every server software I can
> think of comes with an LDAP authentication module. The services that
> use the directory may need have different user bases (i.e. not every
> Linux user needs to be an IMAP user also and not every IMAP user
> should automatically be able to SSH into servers).
>
> What is the right way to achieve the above?:
>
> 1) Have separate LDAP instances running, one for IMAP, the other one
> for Linux authentication. As there are some users that need both IMAP
> and Linux access, some users would need to be set up twice.
>
> 2) Have all users in one LDAP instance, and have different sets of
> attributes for IMAP and Linux authentication. Those users with IMAP
> access have their IMAP attributes filled in and those with Linux
> logins have their posix account settings filled with values. Some
> would have both.
This is the usual way to handle this.
> I do not see how to assign different passwords for the two services
> for this option.
Why do you need different passwords?
> Is there a way?
>
> Are there any other options?
>
>
> Cheers,
> Ray
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list