[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active directory and openldap

it's quite an old mail ..., but do you finally wrote this document on changing password both in openldap and AD ? it is very interesting to us !

Thanks.

Michel Lacle wrote: 
Hi Howard,

In fact we do have a perl script, and a dll that allow this to happen. I
will work on this document on the  weekend to describe in detail who we
solve the password thing between Active Directory and OpenLDAP.

Sincerely,
Michel.

On Fri, 23 May 2003, Jehan PROCACCIA wrote:


Do you happen to have a sample source perl code to transform the
cleartext password to Unicode unicodePwd attribute for AD ?
Also as anyone implemented a protected connection "SASL/GSSAPI or TLS)
to bind to AD as a privileged user to make these changes" .

Thanks.


Howard Chu wrote:

Yes, it's feasible to set up an OpenLDAP master that uses slurpd to replicate
changes into AD. The one catch is that you must use cleartext passwords if
you want them to be replicated, and you must transform the UTF-8 userPassword
from OpenLDAP into the Unicode unicodePwd attribute during the replication.
Generally I use a bit of perl code to do this step. And of course, you must
use a protected connection (SASL/GSSAPI or TLS) to bind to AD as a privileged
user to make these changes.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support




--
Jehan Procaccia 			| Ingenieur Systemes & Reseaux
Institut National des Telecommunications| Tel : +33 (0) 160764436
MCI, Moyens Communs Informatiques  | Mail: Jehan.Procaccia@int-evry.fr
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321






--
Jehan Procaccia, Ingenieur Systemes & Reseaux
Institut National des Telecommunications, Tel : +33 (0) 160764436
MCI,Moyens Communs Informatiques, Mail: Jehan.Procaccia@int-evry.fr
9 rue Charles Fourier 91011 Evry France, Fax : +33 (0) 160764321