Re: password synchronization
There is a Perl-scripting tool called PADL ldapprofile.
It might be helpful for you...
----- Original Message -----
From: "Simon Oliver" <firstname.lastname@example.org>
To: "'Howard Chu'" <email@example.com>; <OpenLDAP-software@OpenLDAP.org>
Sent: Wednesday, March 31, 2004 1:27 PM
Subject: RE: password synchronization
> Is there an openLDAP interface (perhaps perl-backend) that will allow me to
> intercept LDAP password changes so that I can distribute the changes to
> my other systems (assume I have the tools to update the other systems'
> For example, I could write a perl script to check the password strength
> then update all my other systems and LDAP. Where/how can I slot this
> into openLDAP?
> Simon Oliver
> > -----Original Message-----
> > From: Howard Chu [mailto:firstname.lastname@example.org]
> > Sent: 31 March 2004 10:28
> > To: 'Simon Oliver'; OpenLDAP-software@OpenLDAP.org
> > Subject: RE: password synchronization
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Simon Oliver
> > > I have a heterogeneous network. I want to use LDAP as the "truth" for
> > > account data/credentials.
> > >
> > > I need a system for two-way synchronization of password changes
> > > between the various systems (NT domain, Samba, SQL Database, UNIX PAM,
> > > etc), using LDAP as the master.
> > >
> > > I can install a password filter on the NT PDC to update LDAP passwords
> > > and I believe there are PAM options to do this for UNIX.
> > Since none of these items you list are themselves pieces of
> > OpenLDAP software, the relevance to this list seems pretty
> > low. It might be more appropriate for the general LDAP list
> > (email@example.com).
> > Most of the systems you're interested in already have LDAP
> > support, so solving those is a no-brainer. E.g. PADL's
> > pam_ldap for Unix PAM, Samba already has native LDAP support.
> > Since they reference LDAP directly there is no
> > synchronization tool required.
> > SQL Database - there are so many different SQL databases, and
> > the answer depends on which specific one you want. I note
> > that Symas has LDAP agents that allow management of Oracle
> > and Informix accounts. We also have another agent for
> > managing NT PDCs via LDAP. In these cases, synchronization is
> > a simple matter of replication from an OpenLDAP master to
> > each of these agents.
> > > What I need is an openLDAP tool/interface to update the other systems
> > > as and when the LDAP password is changed. Any ideas?
> > With the right infrastructure, OpenLDAP slurpd will do the
> > updating. As for other tools/interfaces, all of Symas' agents
> > are built using the OpenLDAP libraries. It's certainly
> > feasible for you to write your own using OpenLDAP software.
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director, Highland Sun
> > http://www.symas.com http://highlandsun.com/hyc
> > Symas: Premier OpenSource Development and Support