Saturday, October 25, 2008

Centralised Authentication on Solaris

It's a big topic. Some might even call it a bit daunting.

Most importantly, this is a subject that I didn't feel I knew enough about, and so began the journey of discovery to learn what one must do to have single sign-on (SSO) under Solaris.

Microsoft's AD really does make it a bit easy for Windows admins - there really is just the one choice, and like it or not you're going to be doing it the one way. About the only weird thing is that they persist with making the very standard task of setting up a domain controller a command-line app (dcpromo.exe), despite Windows being very obviously a GUI-centric world.

On the Solaris/Linux front we're too spoilt for choice. There are a good number of centralised directory/LDAP systems out there and I spent the best part of a day just trying to catch up on all the naming conventions and versions.

The major players appear to be:
Apache Directory Server
OpenDS
OpenLDAP
Sun Java System Directory Server

I had a look at the last three in some depth.
OpenDS is an entirely Java-based LDAP server, which is a bit...odd, but more importantly to me, it doesn't appear to have any kind of an integrated GUI front end whatsoever.
Now I know what you're thinking, it's Solaris, if you don't want command line, then pick up your toys and go play with Windows!

I've already deployed OpenLDAP on Linux, and have run it for around 4 years powering my home network. It's been solid but it's really painful having to use command-line tools for even the most mundane of updates. By the time you throw some kind of SSL into the mix, it becomes really ugly to manage and maintain. I'm sorry - this time around I wanted a GUI and that's that.

Which brings us to the Sun Java Directory Server - a product which goes by so many, many names it's VERY hard to figure out what you are working on. Being a Sun product designed for Solaris, it did seem the obvious tool for the job right from the start, but I wanted to at least give some of the other choices some review before making a start.

Having made the decision to go with the Sun DS, I created a zone on supernova and started the install.

Details in the next post.
