[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: password synchronzation

To: <s.oliver@umist.ac.uk>
Subject: RE: password synchronzation
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 31 Mar 2004 14:19:31 +0200 (CEST)
Cc: <OpenLDAP-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <009101c41713$217bde80$a06e5882@bi.umist.ac.uk>
References: <006a01c41702$78196480$1801a8c0@CELLO> <009101c41713$217bde80$a06e5882@bi.umist.ac.uk>

> Is there an openLDAP interface (perhaps perl-backend) that will allow me
> to intercept LDAP password changes so that I can distribute the changes
> to all my other systems (assume I have the tools to update the other
> systems' passwords).
>
> For example, I could write a perl script to check the password strength
> and then update all my other systems and LDAP.  Where/how can I slot
> this script into openLDAP?

the native way to do this would be with an overlay.  Check directory
servers/slapd/overlays for examples and essential documentation.

Of course, you need to use latest 2.2, and preferably HEAD.

p.

>
>
> --
>   Simon Oliver
>
>
>
>
>> -----Original Message-----
>> From: Howard Chu [mailto:hyc@highlandsun.com]
>> Sent: 31 March 2004 10:28
>> To: 'Simon Oliver'; OpenLDAP-software@OpenLDAP.org
>> Subject: RE: password synchronzation
>>
>>
>> > -----Original Message-----
>> > From: owner-openldap-software@OpenLDAP.org
>> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
>> Simon Oliver
>>
>> > I have a heterogeneous network.  I want to use LDAP as the
>> "truth" for
>> > account data/credentials.
>> >
>> > I need a system for two-way synchronization of password changes
>> between the various systems (NT domain, Samba, SQL
>> Database, UNIX PAM,
>> > etc), using LDAP
>> > as the master.
>> >
>> > I can install a password filter on the NT PDC to update
>> LDAP passwords
>> > and I believe there are PAM options to do this for UNIX.
>>
>> Since none of these items you list are themselves pieces of
>> OpenLDAP software, the relevance to this list seems pretty
>> low. It might be more appropriate for the general LDAP list
>> (ldap@umich.edu).
>>
>> Most of the systems you're interested in already have LDAP
>> support, so solving those is a no-brainer. E.g. PADL's
>> pam_ldap for Unix PAM, Samba already has native LDAP support.
>> Since they reference LDAP directly there is no
>> synchronization tool required.
>>
>> SQL Database - there are so many different SQL databases, and
>> the answer depends on which specific one you want. I note
>> that Symas has a LDAP agents that allow management of Oracle
>> and Informix accounts. We also have another agent for
>> managing NT PDCs via LDAP. In these cases, synchronization is
>> a simple matter of replication from an OpenLDAP master to
>> each of these agents.
>>
>> > What I need is an openLDAP tool/interface to update the
>> other systems
>> > as and when the LDAP password is changed.  Any ideas?
>>
>> With the right infrastructure, OpenLDAP slurpd will do the
>> updating. As for other tools/interfaces, all of Symas' agents
>> are built using the OpenLDAP libraries. It's certainly
>> feasible for you to write your own using OpenLDAP software.
>>
>>   -- Howard Chu
>>   Chief Architect, Symas Corp.       Director, Highland Sun
>>   http://www.symas.com               http://highlandsun.com/hyc
>>   Symas: Premier OpenSource Development and Support
>>
>>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- RE: password synchronzation
  - From: "Howard Chu" <hyc@highlandsun.com>
- RE: password synchronzation
  - From: "Simon Oliver" <s.oliver@umist.ac.uk>

Prev by Date: Re: password synchronzation
Next by Date: RE: password synchronzation
Index(es):
- Chronological
- Thread