openLDAP - Usage/Best-Practice in heterogeneous network linux/win2000

Hi All - LDAP/MSNetworking Gurus....

Hope someone here can direct me to resources (and relay some experience) actually using openLDAP in a production heterogeneous network -- linux/win2000.

  My 3 -Questions:
1) What's the best resource out there (collection of links/resources with real examples) that will help me install an openLDAP instance (not just "general" talk about it) -- and synchronize with an existing Win2000-SAM / PrimaryDomainController ?

2) Can someone direct me to specific open-source technology -- combinations,   names -- that where used (and worked) in production ?

I've already researched:
        Also looked into: MKS AD4Unix - plug-in... but I don't think it's open source ?

3) I would like to setup an openLDAP instance (on a linux box) that synchronizes initially with a Win2000-SAM/PDC and later an MSActiveDirectory.  I can setup SAMBA (as long as it's NOT  the PDC) if it helps ? though I would prefer to synch. with the Microsoft world directly using open source tools/utilities.
I'll use this openLDAP instance to:
   a) authenticate my Linux/Unix boxes --  using existing user passwords from the MS world.
   b) authenticate all my WebApplications -- and ApplicationServer related  needs
   c) in future I would also like to synchronize with LotusDomino accounts and perhaps DB2 info.
       BUT -- I would not want these sources of information to be replicated into the MS-SAM/PDC - or AD.
My team would like to start writing API's / authentication against LDAP -- but we don't want to wait for our company's ActiveServer implementation.  Also -- we don't want to be manually maintaining all this LDAP user account info. -- we want to use "synchronization" tools that help us leverage the diverse sources of user account info. we've already got spread across our enterprise.
*** Now finally -- the last question -- is what I'm describing above possible, tested, documented ?? Is there somekind of documented roadmap I could follow with suggestions for utilities and tools ??

Really hoping someone can get me on the fast track with this.....
It's very easy to drown in all the information out there on this topic.
I'm looking for something clear, concise, proven -- hope I'm not dreaming ;))

Hope to hear from someone soon.....


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I haven't done any syncronisation with LDAP on Windows and I dont know how easy or even if it is possible.

If you setup Samba talking to OpenLDAP you should be able to use the 'net rpc vampire' command to pull down the complete account information into LDAP. You could perhaps schedule it to run once an hour or so.
fmisaAuthor Commented:
Thanks very much grblades....

That's a partial but really important piece of the puzzle for me.....
Thanks very much for posting a reply.......

I'll accept in full -- if you can complete the picture for me somewhat.....
Or I'll award partial points (if possible) and try to repost parts of this question in other forum sections that might be more appropriate ?? What do you think ?

1) Can Samba be used to pull down the complete account information from:
* Primary Domain Controller Only ?
* Or Will it also work with MS LDAP implementation (i.e. Active Directory) ?

2) Do modules exist for Samba -- or other networking tools you might know -- that can be used to "synch" openLDAP with account information from NotesDomino as well ??

3) Have you ever heard of pwsynch ?
Do you -- or anyone in your circle of LDAP peers -- use utilities like pwsynch from the openSource community?

I truly appreciate your attempt to help me......


1) The 'net rpc vampire' command works through RPC calls so it works on the windows networking method rather than an LDAP call and therefore should work on any domain controller (including active directory).

2) LDAP is an open system. You might be able to install the samba schema file in Notes and then have Samba query the same LDAP server. On the Samba server you could have OpenLDAP running as a slave (similar to a backup domain controller) so it keeps a copy and Samba can authenticate against that to reduce load and network traffic on the notes server. This is theoretical only and depends how much configuration you can perform on the Notes system.

3) No I haven't but I have bookmarked the page for future reference :)

If you wish to award partial points you can post a question in the community support area asking for the points to be reduced.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fmisaAuthor Commented:
I really appreciate your help grblades.....
Thanks very much......

Take Care
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.