[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: windows authentication & openldap: explanation.

To: Jim C <jcllings@tsunamicomm.net>
Subject: Re: windows authentication & openldap: explanation.
From: "Kervin L. Pierre" <kervin@blueprint-tech.com>
Date: Tue, 30 Jul 2002 06:04:08 -0400
Cc: openldap-software@OpenLDAP.org
References: <F190PGxgelXDeqoMIOG00003eea@hotmail.com> <3D463351.4050908@tsunamicomm.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1b) Gecko/20020727


Jim C wrote:
[...]

The windows based cleint is a Win2K box. I am basically trying to figure out the differenece between what the client is sending and what the server expects.

[...]

Try a network sniffer like ethereal, http://ethereal.com/ . Ethereal disects the LDAP protocol, so you get a nice break down of the session. It works really well for debugging clients.

I don't think there's an 'easy' way for doing this. Samba, the synch products, and the GINAs are all probably going to take some work to configure.

If you're interested in an opensource synch. solution, I have posted my NT password filter DLL at http://acctsync.sf.net/ . This is similar to psynch, novell's and iplanet's approach. The diffence is that mine is configurable to call any abituary program when the user changes their password, configurable in the registry. I use an OpenLDAP replica and a back-perl module on win2k to add/del/modify Win2k domain accounts when LDAP accounts are add/del/modify in the master ldap server. It works well with 3500 accounts. But would not fall under easy to configure, I don't think.

--Kervin

References:
- Re: windows authentication & openldap: explanation.
  - From: "brian jones" <bj_rui@hotmail.com>
- Re: windows authentication & openldap: explanation.
  - From: Jim C <jcllings@tsunamicomm.net>

Prev by Date: Re: AW: modifyTimestamp
Next by Date: Re: AW: modifyTimestamp
Index(es):
- Chronological
- Thread