[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: A Few Questions

>Hello, everyone.  I've been using OpenLDAP for a little while, and I'm
>starting to hit a few sticking points, so I've subscribed to the list in
>the hopes a few experienced souls will be able to lend me a hand.
>First, is it possible to configure OpenLDAP in a master/slave relationship
>similar to NIS (or DNS or Sendmail)?  
>I know I can use slurpd to replicate
>the LDAP directory, but I'd like queries to be sent to my primary LDAP
>server, and only use the slave server if the master goes down.  DNS round
>robin won't work, because it will rotate between servers (which will fail
>50% of the time).

I think you need to look for some load-balanceing or clustering solution
(Turbo Linux?) to do this.  slapd as far as I know does not have a "fail
over" method,  which is what it sound like you are actually looking for.

>Second, is there a good resource somewhere with a list and explanation of
>the attributes which can be implemented in the directory (aside from
>scouring the RFCs and Google)?  What I'd really like to find is a table
>with something like:
>	attribute	type		description (and possibly example)
>	----------	-------		----------------------------------
>	uidNumber	integer		Unix UID used by nsswitch/pam_ldap
>	userPassword	crypted string	Unix password in crpt form, eg.
>					  {crypt}$1$iInQQgss$ddfds342U7a/
>					  (must begin with {crypt}!)

No such document exists, AFAIK.  Sad.  I cover some of this in my LDAP
presentation, and I hope to add more,  but it is FAR from exhaustive.

>etc, etc.  I've so far implemented LDAP for a corporate directory and Unix
>authentication/nss, but it's been terribly difficult finding a userful
>list of attributes so that I could implement it.

Yes, it is.

>Which bring up my last question.  Is there a good reference on using LDAP
>for Windows NT and/or 2000 authentication?  


>I've heard this is possible,
>but I haven't found any good resources on it.  This, of course, would be
>the holy grail - allowing me to get rid of the Windows DCs and use LDAP as
>a central authentication mechanism.

Yes, it is very nice.