Hybrid user authentication?

From: Sal Serafino (serafino@cshl.edu)
Date: Wed Jun 11 2003 - 13:30:39 EDT


Hi Gurus-

I'm sorry this is lengthy, but I have to give you details.

The History: We have an intense application with multiple data areas and
environments that has rapidly expanded and now includes three portals and four
servers. Each portal uses the same LDAP service for ACLs via user/passwd
authentication at the web server level, and then connects to any of the four
hosts based on the requested URL. An intermediate connector on the application
servers maps the LDAP user to a UNIX user with consistency. Outside of some UNIX
username/uid mismatches from one machine to the other, it all seems
straightforward. We are using NIS+ -- a migration to LDAP is in the works. The problem
is not about setting up or using LDAP and/or NIS+ at the Solaris level.

The Problem: The application handles security using internals that read
/etc/passwd rather than call getpwnam() or equivalent. The software vendor
currently does not support any type of centralized naming service. There are
"rumors" that the next release "may" include such support, but it will not be
available for at least a year or more. If I went NIS+ or LDAP on these servers
to synchronize UNIX accounts, /etc/passwd would not contain user names, and the
application could not do security checks. There is no method I know of for
synchronizing users between these four hosts and the directory server. This has
become a huge monster in only the last month and a half.

Does anyone have any ideas on how to get /etc/passwd populated and synchronize
/etc/shadow with LDAP? I will do LDAP to NIS+ to YP hacks if necessary.

Thanks,
Sal Serafino
UNIX Administrator
Cold Spring Harbor Laboratory
516-367-8498
516-367-8818 fax
mailto:Sal.Serafino@cshl.edu
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
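
One way to approach the /etc/passwd half of the question above, as an added example that is not part of the original post or of any reply to it. It assumes the directory's accounts have already been exported in passwd(4) format; the MIN_UID cut-off, the sample accounts and both function names are hypothetical. It does not touch /etc/shadow.

```python
MIN_UID = 1000  # assumption: UIDs below this are local system accounts
def parse_passwd(text):
    """Return {name: [7 fields]} for well-formed passwd(4) lines only."""
    entries = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        # Skip blanks, comments, NIS compat (+/-) lines and malformed rows.
        if len(f) != 7 or not f[0] or f[0][0] in "#+-":
            continue
        if f[2].isdecimal() and f[3].isdecimal():
            entries.setdefault(f[0], f)  # first entry for a name wins
    return entries

def merge(local_text, directory_text, min_uid=MIN_UID):
    """Directory is authoritative for user UIDs; local system accounts are kept."""
    local, directory = parse_passwd(local_text), parse_passwd(directory_text)
    merged = {n: f for n, f in local.items() if int(f[2]) < min_uid}
    uid_owner = {int(f[2]): n for n, f in merged.items()}
    warnings = []
    for name, f in directory.items():
        uid = int(f[2])
        if uid < min_uid:
            warnings.append(f"rejected {name}: uid {uid} is in the system range")
        elif name in merged:
            warnings.append(f"rejected {name}: shadows a local system account")
        elif uid in uid_owner:
            warnings.append(f"rejected {name}: uid {uid} already used by {uid_owner[uid]}")
        else:
            if name in local and int(local[name][2]) != uid:
                warnings.append(f"{name}: uid changes {local[name][2]} -> {uid}")
            merged[name] = [f[0], "x"] + f[2:]  # hash never enters passwd
            uid_owner[uid] = name
    warnings += [f"dropped {n}: no accepted directory entry"
                 for n in local if n not in merged]
    return "".join(":".join(f) + "\n" for f in merged.values()), warnings

# Constructed sample data, not taken from any real host.
LOCAL = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:100:Alice:/home/alice:/bin/ksh
olduser:x:1005:100:Gone:/home/olduser:/bin/ksh"""
DIRECTORY = """\
alice:HASHPLACEHOLDER:1002:100:Alice:/home/alice:/bin/ksh
bob:x:1003:100:Bob:/home/bob:/bin/ksh
svc0:x:0:0:Directory entry with uid 0:/:/bin/sh
daemon:x:1004:1::/:/bin/sh"""
if __name__ == "__main__":
    print(*merge(LOCAL, DIRECTORY)[1], sep="\n")
```

The warnings list is the part to review before installing the generated file: it surfaces the username/uid mismatches between hosts and any directory entry that would have landed in the system UID range.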


