Layer 7 Access Management


NIS Replacement by CA Directory

  • 1.  NIS Replacement by CA Directory

    Posted 02-13-2017 05:05 PM

    Team,

     

    I see this question occasionally, on a process to manage the 1000's of Unix/Linux servers. Some solutions offer integration with MS Active Directory or 3rd-party LDAP servers; others offer a middleware solution that will directly manage all Unix/Linux servers.

     

    I wanted to offer this vetted process, which lowers TCO and takes minimal effort to manage.

     

    How to manage 1000's of UNIX/LDAP servers and any multiple structural object classes needed for:

     

    - Users

    - Groups

    - NetGroups

    - Sudoer

    - etc.

     

    Enclosed is a process that CA services performed for a customer with 1000's of Unix/Linux servers.

    The customer reviewed using other directory solutions, but did choose CA Directory after validation of POC use-cases.

     

    We were able to use a mix of:

    - CA Directory (as the primary centralized LDAPv3 store for authentication/authorization)

    - OS (Unix/Linux) Pluggable Authentication Modules (built into the OS) - configured to use an LDAPv3 server.

    - CA Identity Manager - used to centralize both Identity Management (create, modify, delete) with/without workflows & centralized password reset.

     

    Note: Password reset to any LDAPv3 server that acts as a "NIS favored" server must update two (2) attributes: userPassword & shadowLastChange (Epoch date)

     

    Please review the below deck and forward any questions.

     

     

    Edit:   1/30/2018   -   Add attachment that shows three (3) CX connectors to the three (3) structural objectClasses.
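
The note in the post above about updating both userPassword and shadowLastChange on a password reset, as an added example (not part of the original post and not CA's own tooling): it builds one LDIF modify record that replaces both attributes together and checks that a record does so. The DN, password and function names are constructed; it assumes shadowLastChange counts days since 1970-01-01 (as in RFC 2307) and that the directory hashes userPassword on write.

```python
import base64
import re
from datetime import date, datetime, timezone

EPOCH = date(1970, 1, 1)
# LDIF "safe string": ASCII, no NUL/CR/LF, not starting with space, ':' or '<'
SAFE = re.compile(r"^[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*$")

def shadow_days(today=None):
    """Days since 1970-01-01 (UTC), the unit assumed for shadowLastChange."""
    today = today or datetime.now(timezone.utc).date()
    return (today - EPOCH).days

def ldif_attr(name, value):
    """Emit 'name: value', or base64 'name:: ...' when value is not a safe string."""
    if SAFE.match(value):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def password_reset_ldif(dn, new_password, today=None):
    """One modify record replacing userPassword and shadowLastChange together."""
    # Always base64 the password so it is never echoed in readable form.
    b64 = base64.b64encode(new_password.encode("utf-8")).decode("ascii")
    return "\n".join([
        ldif_attr("dn", dn),
        "changetype: modify",
        "replace: userPassword",
        f"userPassword:: {b64}",
        "-",
        "replace: shadowLastChange",
        f"shadowLastChange: {shadow_days(today)}",
        "-",
        "",
    ])

def replaced_attributes(ldif_record):
    """Lower-cased attribute names that a modify record replaces."""
    return {line.split(":", 1)[1].strip().lower()
            for line in ldif_record.splitlines()
            if line.lower().startswith("replace:")}

def reset_is_complete(ldif_record):
    """True only if the record updates both attributes named in the note."""
    return {"userpassword", "shadowlastchange"} <= replaced_attributes(ldif_record)

if __name__ == "__main__":
    # Constructed DN and password, for illustration only.
    print(password_reset_ldif("uid=jdoe,ou=people,dc=example,dc=com", "Constructed-Pw1"))
```

The generated record can be fed to any LDAPv3 client that accepts LDIF, over a TLS-protected connection since the password value is only base64-encoded.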



  • 2.  Re: NIS Replacement by CA Directory

    Posted 02-13-2017 05:46 PM

    Thanks for sharing this with the community Alan!
