
[ale] long shot: different ldap servers for authentication and for updates



FreeIPA. It uses LDAP for storage and synchronizes automagically across multiple, redundant servers. Users can change their password at the command line with passwd or go to a web page.

On March 21, 2018 5:51:55 PM EDT, Todor Fassl via Ale <ale at ale.org> wrote:
>We are running a master openldap server with 2 slaves. All of our 
>workstations are configured to authenticate versus the slaves. The 
>problem is that if someone wants to change their password, it wants to 
>talk to the slaves. But you cannot do updates on the slave/replication 
>servers. The name service ldap cache daemon (nslcd) does not appear to 
>have a way to configure different servers for reads/authentication and 
>updates. Any ideas on a solution for this? About the only thing I can 
>think of is to have a machine set aside as a place to change your 
>password. So if you want to change your password, you have to ssh to 
>this special machine which is configured to talk to the master ldap
>server.
>-- 
>Todd

-- 
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.