Overview
User access in larger organizations requires more sophisticated controls. For this purpose, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) have become popular choices, as they offer more robust ways of controlling access. In this chapter, you will learn why AD and LDAP are popular choices.
Learning Objectives
- Understand how LDAP or AD works and why it is beneficial.
- Gain a high-level understanding of hardening Rocky Linux, a RHEL-adjacent distro.
- Gain a basic understanding of PAM.
Relevance and Context
In enterprise environments, managing user identities and system access at scale is critical for security, compliance, and operational efficiency. Lightweight Directory Access Protocol (LDAP) and Active Directory (AD) provide centralized authentication, authorization, and account management capabilities that far surpass local account management methods.
Understanding these systems is foundational for administrators working with Rocky Linux, a Red Hat Enterprise Linux (RHEL) derivative, especially when implementing compliance standards such as DISA STIGs or CIS Benchmarks. Mastering integration points like PAM (Pluggable Authentication Modules) and services like sssd allows administrators to ensure secure and scalable authentication across diverse systems.
Prerequisites
To be successful, students should have a working understanding of skills and tools including:
- Basic directory navigation.
- Knowledge of editing config files.
- Basic knowledge of StigViewer.
- Understanding of systemd services and the sysctl command.
Key Terms and Definitions
PAM
AD
LDAP
sssd
oddjob
krb5
realm/realmd
wheel (system group in RHEL)