[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and AD?

To: "Kervin Pierre" <kpierre@fit.edu>, "Le Ngoc Thach" <lnthach@yahoo.com>
Subject: Re: LDAP and AD?
From: "Jacques Landru" <landru@enic.fr>
Date: Thu, 28 Mar 2002 16:20:41 +0100
Cc: <OpenLdap-Software@openldap.com>
Organization: E.N.I.C.
References: <000f01c1d5fe$906cbf60$080101c0@vn.ibsdp.com> <3CA31DF9.7060001@fit.edu>

Hi,

To avoid a dual password database, which need synchronization,
I tried another approach. I authenticate the user on the MS Win NT PDC
using PAM SMB or PAM Winbind (included in the latest SAMBA release).
I only use OpenLDAP database for NSS LDAP to  associate UID GID numbers
with real usnames or groups.
http://www.enic.fr/people/landru/lobster/openldap/OpenLDAP-authenticating-wi
th-PAM.txt

We 'll soon migrate our WinNT PDC servers to  Win2K Active Directory.
Then I will try the Active Directory NIS server found int the MS WinSFU
(Service For Unix) package.
If it doesn't work, I will try the solution proposed by Kervin.
Our main goal is to minimize the impact of the dual account
management between MS Win and Linux environments.

Jacques Landru



----- Original Message -----
From: "Kervin Pierre" <kpierre@fit.edu>
To: "Le Ngoc Thach" <lnthach@yahoo.com>
Cc: <landru@enic.fr>; <OpenLdap-Software@OpenLDAP.com>
Sent: Thursday, March 28, 2002 2:43 PM
Subject: Re: LDAP and AD?


> Le Ngoc Thach wrote:
> > Hi Jacques Landru,
> >
> >
> >
> > I have a dream to have all passwords and users in LdapServer.
> ...
>
> I think you and I had the same dream, how about that? :)
>
> At any rate there are a number of ways to do synchronization already.  I
> am working one more way to do this at http://acctsync.sourceforge.net/ .
>
> I am taking the approach that iPlanet did with they NT directory sync
> product.  It comprises of a NT/2000 password filter that catches user
> password changes and updates the directory, and ldap server plugins that
> update NT/2000 when a user is added or a password gets changed.
>
> Although still in Alpha, I have wrote a generic password filter that
> calls a external script on user password changes.  My goal is to use
> this dll along with a 'passwd.pl' perl script to send this changes to
> the OpenLDAP server.  Someone else has wrote a password filter that does
> a direct ldap modify on the user's password attribute in the OpenLDAP
> server.  The latter is more efficient, but I believe less flexible.
> Either way there's a choice.
>
> I have made modifications to the perl backend to have it compile
> windows.  The patch is against CVS and is available from
>
http://prdownloads.sourceforge.net/acctsync/back-perl.win32.current.patch.gz
> I have tested the patch with activestate perl although, I believe
> another perl 5.6 distribution would work with minimal effort.  I don't
> know when/if the patch will be incorporated into OpenLDAP CVS.
>
> The final piece of the puzzle is the perl scripts to do the work.  I am
> planning to write these sometime this weekend. I'll also include
> pre-built binaries if I get the chance as well.  If you are interested
> keep an eye on http://acctsync.sourceforge.net/ .
>
> --Kervin
>
> --
> http://linuxquestions.org/ - Ask linux questions, give linux help.
> http://splint.org/ - Write safe C code. splint source-code analyzer.
>
>

Follow-Ups:
- Re: LDAP and AD?
  - From: Kervin Pierre <kpierre@fit.edu>
- Re: LDAP and AD?
  - From: Norbert Klasen <norbert.klasen@daasi.de>

References:
- LDAP and AD?
  - From: "Le Ngoc Thach" <lnthach@yahoo.com>
- Re: LDAP and AD?
  - From: Kervin Pierre <kpierre@fit.edu>

Prev by Date: Slapd listens only on 636
Next by Date: RE: Slapd listens only on 636
Index(es):
- Chronological
- Thread