Team,
I see this question occasionally: what process to use to manage thousands of Unix/Linux servers. Some solutions offer integration with MS Active Directory or 3rd-party LDAP servers; others offer a middleware solution that directly manages all Unix/Linux servers.
I wanted to offer this vetted process, which lowers TCO and requires minimal effort to manage.
How to manage thousands of UNIX/LDAP servers and the multiple structural object classes needed for:
- Users
- Groups
- NetGroups
- Sudoers
- etc.
Enclosed is a process that CA Services performed for a customer with thousands of Unix/Linux servers.
The customer reviewed other directory solutions, but chose CA Directory after validation of POC use cases.
We were able to use a mix of:
- CA Directory (as the primary centralized LDAPv3 store for authentication/authorization)
- OS (Unix/Linux) Pluggable Authentication Modules (built into the OS), configured to use an LDAPv3 server.
- CA Identity Manager, used to centralize both identity management (create, modify, delete) with/without workflows, and centralized password reset.
Note: A password reset against any LDAPv3 server that acts as a "NIS-flavored" server must update two (2) attributes: userPassword and shadowLastChange (an epoch-based date, expressed in days since 1970-01-01).
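As an added illustration of that note (example code, not part of the original post or of any CA product), the following builds the two-attribute modify a shadowAccount password reset needs, audits a modify for the common mistake of replacing userPassword alone, and shows the aging check that goes wrong when shadowLastChange is left stale. The DN and password value are constructed placeholders; whether the directory hashes a cleartext userPassword on write is an assumption about the server's password policy.

```python
from datetime import date

EPOCH = date(1970, 1, 1)


def shadow_last_change(day: date) -> int:
    """shadowLastChange is an integer count of days since 1970-01-01."""
    return (day - EPOCH).days


def password_reset_ldif(dn: str, pw_value: str, today: date) -> str:
    """LDIF for `ldapmodify` that replaces userPassword and shadowLastChange
    together. pw_value is a pre-hashed value such as '{CRYPT}$6$...', or the
    cleartext if the directory hashes on write (assumption about the server)."""
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {pw_value}",
        "-",
        "replace: shadowLastChange",
        f"shadowLastChange: {shadow_last_change(today)}",
        "-",
        "",
    ])


def audit_reset(ldif: str) -> list:
    """Return problems found in a modify LDIF: replacing userPassword without
    shadowLastChange leaves pam_unix computing aging from the old date."""
    replaced = {line.split(":", 1)[1].strip().lower()
                for line in ldif.splitlines()
                if line.lower().startswith("replace:")}
    problems = []
    if "userpassword" in replaced and "shadowlastchange" not in replaced:
        problems.append("userPassword replaced without shadowLastChange")
    return problems


def password_expired(last_change_days: int, shadow_max: int, today: date) -> bool:
    """pam_unix-style aging: expired once more than shadowMax days have passed
    since shadowLastChange. A stale shadowLastChange expires a fresh password."""
    return shadow_last_change(today) - last_change_days > shadow_max


if __name__ == "__main__":
    # Constructed sample reset for a hypothetical account.
    ldif = password_reset_ldif("uid=jdoe,ou=People,dc=example,dc=com",
                               "{CRYPT}$6$PLACEHOLDER", date(2018, 1, 30))
    print(ldif)
    print("audit:", audit_reset(ldif) or "ok")
```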
Please review the below deck and forward any questions.
Edit: 1/30/2018 - Added an attachment that shows three (3) CX connectors mapped to the three (3) structural objectClasses.