LDAP - password policy + prod/dev architecture

From: Sengor (sengork@gmail.com)
Date: Wed Feb 06 2008 - 06:45:38 EST


On 2/6/08, Beck, Joseph <jbeck@seic.com> wrote:
> We recently introduced native LDAP as a naming service in our latest
> batch of development server builds.
>
> I'm looking for a good reference book, manual, site in terms of
> operational tasks. For example, the default password policy has quickly
> become an issue for a few users. I need to better understand if/how to
> implement a password policy at the LDAP level or if this is strictly
> done at the system level (via /etc/default/passwd or pam.conf or ?).

Security policies often initiate users' issues.
Or, put in other words, your security policy would govern the password
policies...

> A few other areas I need to research are roles, profiles, jumpstart,
> etc. & understand how much flexibility there is...for example, can I
> manage home directory (+profile) based on hostname or do they all need
> to be the same?

docs.sun.com and Sun BluePrints are a good start, or even SunSolve.

> Also, one architectural question, do companies typically have separate
> LDAP infrastructures? One for development environment & one for
> production? I'm thinking there has to be a design that would allow for 1
> centralized LDAP instance which would then replicate a subset of that
> data to other LDAPs.

Most companies don't have multiple DNS/NIS/NIS+ environments; LDAP
should not be an exception to this. All of them are meant to
centralise by means of avoiding single points of failure and
introducing single points of control. That's why there are master/slave,
primary/secondary service models for all of these.

--
_________________________________/ sengork.blogspot.com /////
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:45 EDT