
Re: back-perl and password/user synchronization

--On Wednesday, 6 February 2002 01:11 -0500 Kervin Pierre <kpierre@fit.edu> wrote:


I am looking into a project to get password/user synchronization between
Windows 2000 and various UNIX systems using OpenLDAP.

I would like the main user repository to be a ldap server, so solutions
like SAMBA's winbind and PAM Kerberos have been ruled out.

My plan is to use back-perl and a perl script on the main ldap server
that would route any add/delete/modify query requests concerning entries
in the user or group organizational units, to an OpenLDAP server on
Windows 2000 and also to a server running on a UNIX server. e.g. ...

Are you sure you'll be running OpenLDAP on Windows? W2k clients will only authenticate to a W2k Active Directory. There is no solution (at least not at the moment, see http://dcerpc.net/proj/index.xvl?acct=proj:xad) to replace it with something else.

                                    --> main Win2K OpenLDAP server
                                    |
ldap query --> OpenLDAP/back-perl--
                                    |
                                    --> main UNIX OpenLDAP server

If you just want to keep an OpenLDAP server running on Windows in sync with another running on a Unix system, you should use slurpd on the unix side for replication.

See my thesis for further information on this subject:

Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de
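
The slurpd replication suggested in the reply above, sketched as an added example that is not part of the original message or of the OpenLDAP project's documentation. Host names, the suffix, the replicator DN, the replog path and the password are constructed placeholders, and only the replication-related slapd.conf directives are shown.

```conf
# ---------------------------------------------------------------
# slapd.conf on the Unix master, inside the database section.
# slurpd runs on this host next to slapd.
# ---------------------------------------------------------------

# slapd appends every successful change to this log; slurpd reads
# it and replays the changes against each replica.
# (constructed path)
replogfile      /var/lib/ldap/replog

# One "replica" directive per consumer. slurpd binds to the replica
# as binddn using the credentials below. They are stored in clear
# text, so slapd.conf must be readable only by the account that
# runs slapd and slurpd. A simple bind also sends the password
# unprotected unless the connection itself is protected.
# (constructed host, DN and password)
replica         host=win2k-ldap.example.com:389
                binddn="cn=replicator,dc=example,dc=com"
                bindmethod=simple
                credentials=CHANGE-ME

# ---------------------------------------------------------------
# slapd.conf on the replica (the OpenLDAP server on Windows),
# inside the database section for the same suffix.
# ---------------------------------------------------------------

# The only DN whose updates the replica accepts. It must match the
# binddn used by slurpd on the master and should be a dedicated
# account with no other role.
updatedn        "cn=replicator,dc=example,dc=com"

# Any other client that tries to write to the replica is referred
# to the master instead.
# (constructed host)
updateref       ldap://unix-ldap.example.com
```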