openldap + SFU3



Hi!

We would like to set up password synchronisation between a Linux OpenLDAP
server and a MS Active Directory. Both directory services contain the
same users.

The OpenLDAP server authenticates Linux workstation users, the AD
authenticates Windows workstation users. This seems a little bit too
complicated, but my boss wants it, so what to say :-(

The password synchronisation is done by the SFU Single Sign On (sso.so) PAM
module.

If I change a user's password on the LDAP server (which uses the
information stored on itself), the sso PAM module sends the password to
AD. The problem is when a user changes their password on a Linux LDAP client, it
communicates only with the LDAP server, which doesn't call this sso PAM module.

A solution could be to use this sso module on every single workstation,
but this would mean an administration overhead on the Windows server.

So is there any way to make the LDAP server "call" this PAM module
when used from a remote client?

Krisztian