On 11/05/2018 08:03 PM, Robert Brockway wrote:
One caveat with LDAP. When I last did this a few years ago many Linux
systems were set up in such a manner that a failure of LDAP makes the
systems largely unusable. AFAIK this is still a problem.
A sysadmin logging in had to wait out a series of timeouts while trying
to open nsswitch.conf or the PAM config to disable LDAP so the
underlying problems could be addressed.
I've experienced such pain. It's not fun.
I think SSSD is coming into vogue as an abstraction layer between the
system and LDAP+Kerberos for this very reason.
--
Grant. . . .
unix || die