LDAP for passwords ONLY



I run a Linux file and web server for a small unit of a larger
university. The university maintains an LDAP server that has all
faculty, staff, and students in it, and includes their main password
which is used for e-mail and other online services.

What I would like to do is configure Linux on the machine so that
already-existing users configured in /etc/passwd and /etc/shadow could
use their university password for shell logins and Samba access, but
that all other configuration settings, such as which groups they are
in, the groups themselves, etc., would continue to be maintained
locally on our Linux server. If I want to grant another user access, I
would like to simply be able to add them into our server, being careful
to give them the same login name as their existing campus username, set
their group memberships and so on for our server, and then allow them
to log in using their LDAP-authenticated password.

But all the configuration examples that I have seen basically require
you to turn administration of users completely over to LDAP, with
the exception of certain accounts which you can select to completely
maintain locally (including the password). I want the middle ground,
in which existence of, and group membership, shell setting, name, etc.,
for the users is managed locally on the machine, and only the password
is authenticated with LDAP.

The university IT department, which maintains the LDAP server, knows
nothing of the particular groups and access settings that I want to
make on our unit's server, and I would prefer to leave it that way.

Any ideas? Have I missed something obvious here?
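
The split asked for above corresponds to keeping NSS on local files while an LDAP PAM module appears only in the auth stack. The following is an added example, not part of the original post: a Python audit that checks constructed nsswitch.conf and PAM snippets for that split. The sample file contents, the module names pam_ldap.so and pam_unix.so, and the function names are assumptions, and it covers the NSS and PAM side only.

```python
import re

# Constructed sample configs (assumptions, not taken from the post).
NSSWITCH = """\
passwd: files
group:  files
shadow: files
"""
PAM_SERVICE = """\
# users unknown to LDAP fall through to the local shadow password
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so try_first_pass
account  required    pam_unix.so
"""
BRACKETS = re.compile(r"\[[^\]]*\]")  # [NOTFOUND=return], [success=1 ...]

def nss_sources(text):
    """Map each nsswitch database to its list of lookup sources."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            db, rest = line.split(":", 1)
            dbs[db.strip()] = BRACKETS.sub(" ", rest).split()
    return dbs

def pam_rules(text):
    """Return (type, module) pairs for each PAM rule line."""
    rows = (BRACKETS.sub("[ctl]", l.split("#", 1)[0]).split()
            for l in text.splitlines())
    return [(f[0].lstrip("-"), f[2]) for f in rows if len(f) >= 3]

def audit(nsswitch, pam):
    """Return findings; an empty list means LDAP checks passwords only."""
    findings = []
    dbs = nss_sources(nsswitch)
    for db in ("passwd", "group", "shadow"):
        # Assumption: only "files" counts as a locally managed source.
        extra = [s for s in dbs.get(db, []) if s != "files"]
        if extra:
            findings.append(f"{db}: non-local source {extra}")
    rules = pam_rules(pam)
    if not any(t == "auth" and "ldap" in m for t, m in rules):
        findings.append("auth: no LDAP module in the auth stack")
    for t, m in rules:
        if t != "auth" and "ldap" in m:
            findings.append(f"{t}: LDAP module {m} outside auth")
    return findings

if __name__ == "__main__":
    print(audit(NSSWITCH, PAM_SERVICE))
```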
