Change OpenLDAP to FreeIPA
Product: https://www.freeipa.org/page/Main_Page (Upstream Red Hat Identity Manager)
Tutorial: https://citizix.com/how-to-install-and-configure-freeipa-on-rocky-linux-centos-8/
- Sysadmin must have 2FA on jump hosts (VPN, Gate)
- Sysadmin firewall rules https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/
- Implementation of FreeIPA
- FreeIPA authentication https://docs.rockylinux.org/guides/security/authentication/active_directory_authentication/ https://www.digitalocean.com/community/tutorials/how-to-set-up-centralized-linux-authentication-with-freeipa-on-centos-7
Edited by Weise, Martin