School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)

[Craig Ringer]

> LDAP is a good option, especially when there is a need for cross-platform
> authentication. Is anybody out there using it in practice? 

I have it running for authentication of linux users between two 
machines, however I haven't yet tried to merge in NT domain 
authentication. I'm not sure its worth it, the users all use different 
machines.

> Given that every user on a small setup would have a home directory, the
> simplest approach would be to use useradd (or the equivalent in Webmin)
> with shadow password authentication. What are the benefits of LDAP over
> this?

All users can log in at all machines with the same user ID and password. 
If you enable shared home directories over (eg) auto-mounted NFS, they 
get the same homedirs too. This can have some issues with differing app 
version not liking each other's .folders (mozilla, for example), though.

Centralized management. You can replicate to one or more slave servers 
so losing the master server won't prevent users from logging in.

If you don't have multiple machines and don't expect to need them 
anytime soon, don't bother. At least using openldap/slapd its quite 
fiddly to get started, though it works well once its up and running.

Craig