[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple LDAP to LDAP Integration

To: Bill MacAllister <whm@stanford.edu>
Subject: Re: Simple LDAP to LDAP Integration
From: Alejandro Imass <ait@p2ee.org>
Date: Wed, 20 Apr 2011 13:59:18 -0400
Cc: openldap-technical@openldap.org
In-reply-to: <9C3C2FE9FE28C4FADE4C3D24@10.0.0.32>
References: <BANLkTino41u3ObthV7Ho3F9vguhnMcO2dA@mail.gmail.com> <9C3C2FE9FE28C4FADE4C3D24@10.0.0.32>

On Wed, Apr 20, 2011 at 12:39 PM, Bill MacAllister <whm@stanford.edu> wrote:
>
>
> --On Wednesday, April 20, 2011 10:23:20 AM -0400 Alejandro Imass
> <ait@p2ee.org> wrote:
>
>> Hello,
>>
[...]

> One way to do this is to configure your OpenLDAP server to generate an
> accesslog.  They you read the accesslog looking for any changes and
> apply the changes to your downstream datastore whatever it is.  We do
> this using perl and Net::LDAPapi.  I can provide an example if you are
> interested.
>

Hi Bill, thank you *very* much for your prompt reply.
One question (actually 2) though before I ask for the trouble of
providing an example.... do you get the clear text passwd on the
accesslog? is the the log an LDIF format? It's not that I really need
clear text, but I need to compute the corresponding password hashes
for MS-AD. are you guys able to change the password fields as well? or
are you just copying the hashes from one to the other? how does this
work with the accesslog method?

Again many thanks because I really feel that this could be a practical
KISS way of integrating this.

Thanks!!!
Alex

> Bill
>
> --
>
> Bill MacAllister
> Infrastructure Delivery Group, Stanford University
>
>

Follow-Ups:
- Re: Simple LDAP to LDAP Integration
  - From: Bill MacAllister <whm@stanford.edu>

References:
- Simple LDAP to LDAP Integration
  - From: Alejandro Imass <ait@p2ee.org>

Prev by Date: Re: proxy Auth and authzto
Next by Date: Re: Installation openLDAP in Debian
Index(es):
- Chronological
- Thread