
RFT0001 : Request For Thoughts

Hi everyone,

If this post here is in poor taste, please pardon my interruption. It's
just that I figured those here would have a high probability of trying
to do as I am trying to do.

I'm a Debian-head from the early 90's, but I'm new to OpenLDAP, and this
is my first post here. I'm about halfway done with Mastering OpenLDAP,
and I've been lurking here for a month or so, trying to understand how
things work, and looking for questions like mine. I also just read
Kerberos: The Definitive Guide as a primer into understanding how my
team can make everyone 'Just Get Along(tm)' in a multi-platform global
enterprise, while leveraging open source projects.

Rough Goals:
* We're exploring ways in which we can have a single user/group database
for everything, everywhere in our domain.
* Additionally, we want as 'SSO' an environment as possible.
* We also want to keep, and even extend all the other NIS functionality
we use today - only without the NIS limitations.
* We also need to be able to phase it in, or even have it overlap with
our current situation for a period, so it's not an all-or-nothing kind
of change.

The Parts Bin:
There's a bunch of parts around, and they all kind of fit together, but
to my current understanding anyway, seem to create a few different
incomplete solutions, such as:
* Samba/Winbind/Kerberos (possibly backed by OpenLDAP)
* OpenLDAP/Kerberos with trusts to AD
* AD using 2003R2 and possibly custom schema modifications if required.

My question really is what are others doing to solve this type of
problem? Architecturally, what is the best approach given the above
desired outcome?

Thanks to all for your thoughts and insight on this,

Christopher Barry
Systems Engineer