Linux – Super user in LDAP

Tags: ldap, linux, root

I am running 10 Linux machines that are doing different types of work. The machines are configured to use LDAP authentication, so when a user is configured in slapd he can log in on all the machines. To make maintenance easier I want to create a root account in slapd so I can use this instead of the local root accounts when installing applications, etc., but I am not sure how to do this. Is it enough to create a user with the name root and uid/gid 0? Should the local root be disabled somehow?

I am fully aware that this is normally not a good idea from a security perspective, but as mentioned before this is a special case.

Best Answer

Having a UID=0/GID=0 account should be sufficient.

Leave the local root user account alone, as if something happens to the LDAP server or the network you'll want "emergency access". Also, I would recommend that the LDAP server itself not be dependent on LDAP for authentication (chicken-and-egg situations).

Make sure you're using SSL/TLS as well.

I would also strongly recommend against doing this.
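As an added example (not part of the question or the answer above), the shell snippet below puts the answer's three points into checkable form: an LDIF for a UID 0 / GID 0 account in slapd, a check that the local root stays resolvable when LDAP is unreachable (files before ldap in nsswitch.conf), and a check that the LDAP client talks TLS and verifies the server certificate. It assumes an nss-pam-ldapd (nslcd) style client; the account name `ldapadmin`, the base DN `dc=example,dc=com` and the sample config files are constructed assumptions, not anything the answer prescribes.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes an nslcd-style LDAP
# client; the account name "ldapadmin", the base DN and every file path and
# sample config below are illustrative assumptions.

# 1. LDIF for a shared UID 0 / GID 0 account in slapd. A name other than
#    "root" is used so the entry does not collide with the local root in
#    /etc/passwd, which stays in place for emergency access.
make_root_ldif() {
  name="$1"; base="$2"; hash="$3"   # hash: e.g. the output of slappasswd
  printf '%s\n' \
    "dn: uid=$name,ou=People,$base" \
    "objectClass: inetOrgPerson" \
    "objectClass: posixAccount" \
    "objectClass: shadowAccount" \
    "uid: $name" \
    "cn: $name" \
    "sn: $name" \
    "uidNumber: 0" \
    "gidNumber: 0" \
    "homeDirectory: /root" \
    "loginShell: /bin/sh" \
    "userPassword: $hash"
}

# 2. Emergency access: "files" must come before "ldap" for passwd, shadow
#    and group, so the local root resolves without waiting on the LDAP
#    server or the network. Returns 0 when every such line is ordered that way.
nsswitch_files_first() {
  awk '
    /^(passwd|shadow|group):/ {
      files = 0; ldap = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "files") files = i
        if ($i == "ldap")  ldap  = i
      }
      if (files == 0 || (ldap != 0 && ldap < files)) exit 1
    }' "$1"
}

# 3. Transport: nslcd.conf must use ldaps:// or StartTLS AND verify the
#    server certificate (tls_reqcert demand/hard); otherwise the UID 0
#    password crosses the wire in the clear or goes to whoever answers the name.
ldap_client_uses_tls() {
  f="$1"
  if grep -Eqi '^[[:space:]]*uri[[:space:]]+ldaps://' "$f" ||
     grep -Eqi '^[[:space:]]*ssl[[:space:]]+start_tls' "$f"; then
    grep -Eqi '^[[:space:]]*tls_reqcert[[:space:]]+(demand|hard)' "$f"
  else
    return 1
  fi
}

# Constructed sample configs: the weak form beside the corrected one.
write_samples() {
  d="$1"
  printf 'passwd: ldap files\nshadow: ldap files\ngroup: ldap files\n' > "$d/nsswitch.weak"
  printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\nhosts: files dns\n' > "$d/nsswitch.good"
  printf 'uri ldap://ldap.example.com/\nbase dc=example,dc=com\n' > "$d/nslcd.weak"
  printf 'uri ldaps://ldap.example.com/\nbase dc=example,dc=com\ntls_reqcert demand\ntls_cacertfile /etc/ssl/certs/example-ca.pem\n' > "$d/nslcd.good"
}

demo() {
  d=$(mktemp -d)
  write_samples "$d"
  make_root_ldif ldapadmin dc=example,dc=com '{SSHA}replace-with-slappasswd-output'
  for f in nsswitch.weak nsswitch.good; do
    if nsswitch_files_first "$d/$f"; then
      echo "$f: files first, local root resolves without LDAP"
    else
      echo "$f: ldap before files, every lookup waits on LDAP first"
    fi
  done
  for f in nslcd.weak nslcd.good; do
    if ldap_client_uses_tls "$d/$f"; then
      echo "$f: TLS with certificate verification"
    else
      echo "$f: no TLS, or server certificate not verified"
    fi
  done
  rm -rf "$d"
}
demo
```

The LDIF is loaded with `ldapadd` against the slapd from the question; the two check functions can be pointed at the real `/etc/nsswitch.conf` and `/etc/nslcd.conf` on each of the ten machines. The ordering check is deliberately strict: a line with no `files` source at all is treated as a failure, since the local root would then not resolve.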
