Over the past few days I got OpenLDAP installed on a VM, and configured a few other VMs to use the server for authentication. The real struggle was to get sudo-ldap to play nicely and to automate the system for a simple, yet granular system for giving people access to certain machines. Currently, I have a few configuration files that list the users, their password hashes and which machines they can administer. A few homebrew scripts I threw together then parse through those files and make the changes. If a user needs to be given sudo access to three machines, rather than logging into those three machines, making a user and granting access on each, just modify two files and you're done. If you're looking for more information on how it's done, check out the COSI wiki, which has lots of cool information about all sorts of things.
Peace and chow,