[Info-vax] LDAP
Grant Taylor
gtaylor at tnetconsulting.net
Sat Oct 10 18:19:32 EDT 2020
On 10/10/20 3:36 PM, Craig A. Berry wrote:
> Another feature that I think no one has mentioned is that you can
> control who gets to log in to the VMS system by setting up your LDAP
> search to only get results for a specified AD group.
I ran into that when configuring Active Directory Integration for Unix /
Linux at my last job.
Local accounts are inherently local. If you don't have a local account,
you can't do anything.
Directory accounts (AD / NDS / eD / LDAP / NIS(+)) are inherently much
larger scope than local accounts. It's expected that people will have a
directory account that should not be logging in to any given system.
As such, you become dependent on a new piece of information being
required to scope who can and can not log into a given system.
Explaining this during the ADI4U project ended up taking a LOT of
meeting time.
Q: But why do I need a new group to say who can and can not log into
this system using this new Directory thingy? I didn't need it using the
old method.
Me: <facepalm>
--
Grant. . . .
unix || die
More information about the Info-vax
mailing list