Is LDAP still the bee's knees?

I've got about 10 servers that I manage, and managing user setup per server is getting old. Everything but that is well automated.

LDAP looks nearly as painful as managing users on each server separately! Is there an easier way? Is there a better way?

I see that Amazon incorporates a collective IAM solution (it seems to incorporate everything!), but it brings its own complexities. Will Linode offer anything to make this easier?

4 Replies

We don't have anything to share regarding a feature related to server IAM, but I did escalate your feedback to make sure that it was heard.

To answer your question: LDAP is indeed still the bee's knees.

Assuming you're referring to only managing Linux user access, I can't think of another solution that wouldn't require as much or more effort to set up for managing your users across servers.

If you haven't already, I recommend checking out https://www.openldap.org/

I've been all over that site. Yeah, the need to create two files per user added, including assignment of user and group ids just barfs me out!

It's great that users can change their passwords in the usual way and have that update in LDAP; why the heck can't I define users via sudo adduser and have that update an LDAP directory too?

And now having read https://www.linode.com/community/questions/19925/how-can-i-prevent-root-logins-to-my-linode-over-lish I'm reminded I'll also need a recovery plan in case I somehow lose access to my LDAP servers! (a bug destroys the VLAN; the servers deleted; rodents…)

Is there a practical guide to getting LDAP fully set up that you can recommend, instead of the very piecemeal docs at OpenLDAP?

Thanks for your reply and help!

Lee

Linode Staff

Hey Lee,

I don't have a specific guide that I can recommend, but I did do some digging around the web to see what I could find.

This tutorial seems like it should be of use:

Let us know how it works out!

It's great that users can change their passwords in the usual way and have that update in LDAP; why the heck can't I define users via sudo adduser and have that update an LDAP directory too?

This is why God invented the Bourne/C/Korn/Z/POSIX/Bourne-again shells…

See:

https://www.linux.com/training-tutorials/managing-ldap-command-line-linux/

-- sw
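An added example, not part of any post in this thread: a shell sketch of the `adduser`-style wrapper the last reply points toward. It validates its arguments and prints an LDIF entry that can be piped to `ldapadd`. The base DN, the `ou=People` container, the `/home` layout, the id range and the host name in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): adduser-style front end for LDAP.
# Assumptions: base DN dc=example,dc=com, users under ou=People, homes in /home.
LC_ALL=C; export LC_ALL
BASE_DN="${BASE_DN:-dc=example,dc=com}"

# Login names end up inside a DN and on LDIF lines, so allow only a safe set.
valid_login() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Digits only, in an assumed non-system range, so uid 0 can never be requested.
valid_id() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1000 ] && [ "$1" -le 60000 ]
}

# Full name: letters, digits, blanks, dot, hyphen. A newline would inject LDIF.
valid_name() {
    case "$1" in
        ''|[![:alnum:]]*|*[[:blank:]]|*[![:alnum:][:blank:].-]*) return 1 ;;
    esac
    return 0
}

# Usage: make_user_ldif LOGIN UID GID "Full Name"   (prints LDIF on stdout)
make_user_ldif() {
    valid_login "$1" || { echo "rejected login name" >&2; return 1; }
    valid_id "$2" && valid_id "$3" || { echo "rejected uid/gid" >&2; return 1; }
    valid_name "$4" || { echo "rejected full name" >&2; return 1; }
    cat <<EOF
dn: uid=$1,ou=People,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
uid: $1
cn: $4
sn: ${4##* }
uidNumber: $2
gidNumber: $3
homeDirectory: /home/$1
loginShell: /bin/bash
EOF
}
# Assumed invocation; the password is set afterwards with ldappasswd, not in LDIF:
# make_user_ldif lee 10001 10001 "Lee Example" | \
#   ldapadd -x -W -D "cn=admin,$BASE_DN" -H ldaps://ldap.example.com
```
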
