Re: A possible way to have NT authentic against LDAP (RFI)

[Luke Howard <lukeh@PADL.COM>]

>I originally thought of wrapping the 'passwd' command on the UNIX side
>because a user password change would have to update two ldap databases,
>the windows (win2k) and the unix.  Does ldap_pam allow updating 2
>different ldap servers?  if so, great.  

No, you could modify it to do so. Maybe SAMBA's pam_ntdom
allows you to update passwords? If so, you could stack
that. Or you could stack two pam_ldap modules iff you
modified pam_ldap to take some of its configuration from
pam.conf.

>The biggest advantage of this scheme is that only the PDC needs to be
>altered (and that's to add one DLL) and the UNIX and windoze ldap
>servers can keep their schemas as they please.

Netscape wrote such a notify DLL that works with their
LDAP server. I'm sure they would be happy to sell you
Directory Server for NT!

-- Luke
--
Luke Howard | Darwin Developer | PADL Software Pty Ltd
www.padl.com | lukeh@darwin.apple.com | lukeh@padl.com