
Re: password synchronization



There is a Perl-scripting tool called PADL ldapprofile.
It might be helpful for you...
http://www.padl.com/OSS/ldapprofile.html

A.

----- Original Message ----- 
From: "Simon Oliver" <s.oliver@umist.ac.uk>
To: "'Howard Chu'" <hyc@highlandsun.com>; <OpenLDAP-software@OpenLDAP.org>
Sent: Wednesday, March 31, 2004 1:27 PM
Subject: RE: password synchronization


> Is there an openLDAP interface (perhaps perl-backend) that will allow me to
> intercept LDAP password changes so that I can distribute the changes to all
> my other systems (assume I have the tools to update the other systems'
> passwords).
>
> For example, I could write a perl script to check the password strength and
> then update all my other systems and LDAP.  Where/how can I slot this script
> into openLDAP?
>
>
> -- 
>   Simon Oliver
>
>
>
>
> > -----Original Message-----
> > From: Howard Chu [mailto:hyc@highlandsun.com]
> > Sent: 31 March 2004 10:28
> > To: 'Simon Oliver'; OpenLDAP-software@OpenLDAP.org
> > Subject: RE: password synchronization
> >
> >
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Simon Oliver
> >
> > > I have a heterogeneous network.  I want to use LDAP as the "truth" for
> > > account data/credentials.
> > >
> > > I need a system for two-way synchronization of password changes
> > > between the various systems (NT domain, Samba, SQL Database, UNIX PAM,
> > > etc), using LDAP
> > > as the master.
> > >
> > > I can install a password filter on the NT PDC to update LDAP passwords
> > > and I believe there are PAM options to do this for UNIX.
> >
> > Since none of these items you list are themselves pieces of
> > OpenLDAP software, the relevance to this list seems pretty
> > low. It might be more appropriate for the general LDAP list
> > (ldap@umich.edu).
> >
> > Most of the systems you're interested in already have LDAP
> > support, so solving those is a no-brainer. E.g. PADL's
> > pam_ldap for Unix PAM, Samba already has native LDAP support.
> > Since they reference LDAP directly there is no
> > synchronization tool required.
> >
> > SQL Database - there are so many different SQL databases, and
> > the answer depends on which specific one you want. I note
> > that Symas has LDAP agents that allow management of Oracle
> > and Informix accounts. We also have another agent for
> > managing NT PDCs via LDAP. In these cases, synchronization is
> > a simple matter of replication from an OpenLDAP master to
> > each of these agents.
> >
> > > What I need is an openLDAP tool/interface to update the other systems
> > > as and when the LDAP password is changed.  Any ideas?
> >
> > With the right infrastructure, OpenLDAP slurpd will do the
> > updating. As for other tools/interfaces, all of Symas' agents
> > are built using the OpenLDAP libraries. It's certainly
> > feasible for you to write your own using OpenLDAP software.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support
> >
> >
>
>