openldap synchronize with local users and groups [closed]
I have a server running OpenLDAP 2.4.31 in which I store my user and group POSIX accounts. How can I automatically copy the user and group accounts on the first login so that if the machine disconnects from the LDAP server the user can still log in? Also, would it be possible to automatically update the password and group membership for the local account if it is updated on the LDAP server, provided they are connected again?
The OpenLDAP server is running on Ubuntu 14.04 and the other machines are running Ubuntu 14.04, CentOS 7 and Arch Linux.
What would be the common way to solve this in a company network running only Linux machines? With Windows machines this seems to be solved using Active Directory and maybe some policies, but in a company with centralized login servers and laptops with either Linux only or mixed OS I supposed this is done with LDAP or RADIUS or both.
linux openldap
edited Sep 27 '15 at 17:33
asked Sep 20 '15 at 18:00
Jimmy
closed as too broad by Jeff Schaller, msp9011, schily, Thomas Dickey, Archemar Sep 3 at 13:13
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
It sounds to me like it might be an XY problem, and that an LDAP replication slave might be a cleaner solution.
– Jeff Schaller
Sep 20 '15 at 18:29
@JeffSchaller would that require me to have an LDAP database on every client that needs this feature?
– Jimmy
Sep 22 '15 at 15:12
...and to configure replication and the clients to include its own replica as a server.
– Jeff Schaller
Sep 22 '15 at 15:32
@JeffSchaller seems like there must exist a less complex solution that wouldn't require LDAP replication but maybe not as clean.
– Jimmy
Sep 22 '15 at 15:37
I'm not aware of one; you have competing goals of local access versus centralized management. My two cents - focus on why your server(s) are disconnecting from LDAP.
– Jeff Schaller
Sep 23 '15 at 1:06
2 Answers
You will need to replicate your data to every machine, if I understood you right. For that you'll need to use Syncrepl; please read the documentation in order to implement it: http://www.openldap.org/doc/admin24/replication.html#Syncrepl
I hope that this is what you are looking for.
answered Sep 27 '15 at 17:40
Thiago Fontes
You can set up PAM to cache data from LDAP.
answered Sep 27 '15 at 18:18
smokes2345
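One way to get the caching this answer refers to is SSSD, which sits behind PAM and NSS and keeps entries and a password hash for users who have logged in. This is an added example, not part of the answer; the answer does not name a tool, and the host name, base DN and CA path below are placeholders.

```ini
# /etc/sssd/sssd.conf (constructed example; ldap.example.com, dc=example,dc=com
# and the CA bundle path are placeholders, not values from this page)
[sssd]
config_file_version = 2
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com

# Require a valid server certificate, so the cache is only ever seeded
# from the real directory server.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

# After a successful online login, keep a salted hash of that user's
# password locally so the same user can authenticate while offline.
cache_credentials = true

# Cache only users and groups that are actually looked up, instead of
# downloading every account in the directory to each laptop.
enumerate = false

# Seconds before a cached user or group entry is refreshed from LDAP
# when the server is reachable.
entry_cache_timeout = 5400

# Days after the last successful login before a cached account is
# removed at cache cleanup (must be >= offline_credentials_expiration).
account_cache_expiration = 14

[pam]
# Days since the last successful online login during which an offline
# login with the cached hash is still accepted.
offline_credentials_expiration = 7

# Slow down password guessing against the cached hash: after 5 failed
# offline attempts, block further attempts for 5 minutes.
offline_failed_login_attempts = 5
offline_failed_login_delay = 5
```

SSSD refuses to start unless this file is owned by root with mode 0600. A changed password replaces the cached hash at the next successful online login, and group membership is refreshed from LDAP once the entry cache timeout has passed and the server is reachable.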