[Date Prev][Date Next] [Chronological] [Thread] [Top]

NSS_LDAP Solaris and Active directory

To: openldap-software@OpenLDAP.org
Subject: NSS_LDAP Solaris and Active directory
From: henk.coenen@philips.com
Date: Wed, 19 Jun 2002 21:19:58 +0200

Hello all,

We are currently working on replacing NIS by a LDAP directory (iPlanet or Active
Directory). Initially we will focus on moving the UNIX account information into a LDAP
directory in order to enable a single point of account administration. We already
have deployed kerberos to implement a Single Sign-On infrastructure between UNIX
and Windows 2000, so we would like to use the Active Director

We have encountered a number of problems with respect to compatibility of the LDAP
client on Solaris in combination with Active Directory. We are looking for a solution that
works with the schema changes implemented by Microsoft Services for UNIX (MSFU).

Currently we have two demo environments:

Situation 1: Directory implemented by iPlanet
o HP-UX making use of native LDAP client -- OK
o Linux making use of NSS_LDAP software -- OK
o Solaris making use of native LDAP client -- OK

Situation 2: Directory implemented by Active Directory + MSFU
o HPUX making use of native LDAP client -- OK
o Linux making use of NSS_LDAP software -- OK
o Solaris making use of both native LDAP client and NSS_LDAP software -- NOT OK

Situation 1 is working fine!

In situation 2 we have compatibility problems with the Solaris LDAP clients and Active
Directory. This is true for both the native LDAP implementation on Solaris and also for
the NSS_LDAP implementation.

With regard to these problems we have some questions:

1. Who has the Solaris native LDAP client running in combination with the Active Directory
as primary naming service to replace NIS?

2. We compiled the NSS_LDAP v191 for Solaris 2.8 making use of BerkeleyDB4.0.14 and
openldap, but unfortunately things do not work as would like. Who has the NSS_LDAP
software running in combination with the Active Directory ?

If yes. what did you use in combination with NSS_LDAP, how did you compile
and configure things, or in other words where can we find a recep

Thanks in advance
Henk

Ir H.G.P. (Henk) Coenen phone: +31-40-2744161

Philips Research Laboratories
Prof Holstlaan 4,
5656 AA Eindhoven, The Netherlands
Mailto:henk.coenen@philips.com

Prev by Date: Re: Specific user accounts not available to system.
Next by Date: getting past anonymous bind
Index(es):
- Chronological
- Thread