
RE: password synchronization

Is there an OpenLDAP interface (perhaps perl-backend) that will allow me to
intercept LDAP password changes so that I can distribute the changes to all
my other systems (assume I have the tools to update the other systems'

For example, I could write a Perl script to check the password strength and
then update all my other systems and LDAP.  Where/how can I slot this script
into OpenLDAP?

  Simon Oliver


> -----Original Message-----
> From: Howard Chu [mailto:hyc@highlandsun.com] 
> Sent: 31 March 2004 10:28
> To: 'Simon Oliver'; OpenLDAP-software@OpenLDAP.org
> Subject: RE: password synchronzation
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Simon Oliver
> >
> > I have a heterogeneous network.  I want to use LDAP as the "truth" for
> > account data/credentials.
> >
> > I need a system for two-way synchronization of password changes
> > between the various systems (NT domain, Samba, SQL Database, UNIX PAM,
> > etc), using LDAP as the master.
> >
> > I can install a password filter on the NT PDC to update LDAP passwords
> > and I believe there are PAM options to do this for UNIX.
>
> Since none of these items you list are themselves pieces of
> OpenLDAP software, the relevance to this list seems pretty
> low. It might be more appropriate for the general LDAP list
> (ldap@umich.edu).
>
> Most of the systems you're interested in already have LDAP
> support, so solving those is a no-brainer. E.g. PADL's
> pam_ldap for Unix PAM, Samba already has native LDAP support.
> Since they reference LDAP directly there is no
> synchronization tool required.
>
> SQL Database - there are so many different SQL databases, and
> the answer depends on which specific one you want. I note
> that Symas has LDAP agents that allow management of Oracle
> and Informix accounts. We also have another agent for
> managing NT PDCs via LDAP. In these cases, synchronization is
> a simple matter of replication from an OpenLDAP master to
> each of these agents.
>
> > What I need is an OpenLDAP tool/interface to update the other systems
> > as and when the LDAP password is changed.  Any ideas?
>
> With the right infrastructure, OpenLDAP slurpd will do the
> updating. As for other tools/interfaces, all of Symas' agents
> are built using the OpenLDAP libraries. It's certainly
> feasible for you to write your own using OpenLDAP software.
>
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support