RE: password synchronization



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Simon Oliver

> I have a heterogeneous network.  I want to use LDAP as the "truth" for
> account data/credentials.
>
> I need a system for two-way synchronization of password changes between the
> various systems (NT domain, Samba, SQL Database, UNIX PAM, etc), using LDAP
> as the master.
>
> I can install a password filter on the NT PDC to update LDAP passwords and I
> believe there are PAM options to do this for UNIX.

Since none of these items you list are themselves pieces of OpenLDAP
software, the relevance to this list seems pretty low. It might be more
appropriate for the general LDAP list (ldap@umich.edu).

Most of the systems you're interested in already have LDAP support, so
solving those is a no-brainer. E.g. PADL's pam_ldap for Unix PAM, Samba
already has native LDAP support. Since they reference LDAP directly there is
no synchronization tool required.

SQL Database - there are so many different SQL databases, and the answer
depends on which specific one you want. I note that Symas has LDAP agents
that allow management of Oracle and Informix accounts. We also have another
agent for managing NT PDCs via LDAP. In these cases, synchronization is a
simple matter of replication from an OpenLDAP master to each of these agents.

> What I need is an openLDAP tool/interface to update the other
> systems as and when the LDAP password is changed.  Any ideas?

With the right infrastructure, OpenLDAP slurpd will do the updating. As for
other tools/interfaces, all of Symas' agents are built using the OpenLDAP
libraries. It's certainly feasible for you to write your own using OpenLDAP
software.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support