openLDAP - Usage/Best-Practice in heterogeneous network linux/win2000

Posted on 2004-11-05
Last Modified: 2008-03-03
Hi All - LDAP/MSNetworking Gurus....

Hope someone here can direct me to resources (and relay some experience) actually using openLDAP in a production heterogeneous network -- linux/win2000.

  My 3 Questions:
1) What's the best resource out there (collection of links/resources with real examples) that will help me install an openLDAP instance (not just "general" talk about it) -- and synchronize with an existing Win2000-SAM / PrimaryDomainController ?

2) Can someone direct me to specific open-source technology -- combinations, names -- that were used (and worked) in production ?

I've already researched:
        Also looked into: MKS AD4Unix - plug-in... but I don't think it's open source ?

3) I would like to set up an openLDAP instance (on a linux box) that synchronizes initially with a Win2000-SAM/PDC and later an MSActiveDirectory.  I can set up SAMBA (as long as it's NOT the PDC) if it helps? Though I would prefer to synch. with the Microsoft world directly using open source tools/utilities.
I'll use this openLDAP instance to:
   a) authenticate my Linux/Unix boxes --  using existing user passwords from the MS world.
   b) authenticate all my WebApplications -- and ApplicationServer related  needs
   c) in future I would also like to synchronize with LotusDomino accounts and perhaps DB2 info.
       BUT -- I would not want these sources of information to be replicated into the MS-SAM/PDC - or AD.
My team would like to start writing API's / authentication against LDAP -- but we don't want to wait for our company's ActiveServer implementation.  Also -- we don't want to be manually maintaining all this LDAP user account info. -- we want to use "synchronization" tools that help us leverage the diverse sources of user account info. we've already got spread across our enterprise.
*** Now finally -- the last question -- is what I'm describing above possible, tested, documented ?? Is there some kind of documented roadmap I could follow with suggestions for utilities and tools ??

Really hoping someone can get me on the fast track with this.....
It's very easy to drown in all the information out there on this topic.
I'm looking for something clear, concise, proven -- hope I'm not dreaming ;))

Hope to hear from someone soon.....


Question by:fmisa
    LVL 36

    Expert Comment

    I haven't done any synchronisation with LDAP on Windows and I don't know how easy or even if it is possible.

    If you set up Samba talking to OpenLDAP you should be able to use the 'net rpc vampire' command to pull down the complete account information into LDAP. You could perhaps schedule it to run once an hour or so.

    Author Comment

    Thanks very much grblades....

    That's a partial but really important piece of the puzzle for me.....
    Thanks very much for posting a reply.......

    I'll accept in full -- if you can complete the picture for me somewhat.....
    Or I'll award partial points (if possible) and try to repost parts of this question in other forum sections that might be more appropriate ?? What do you think ?

    1) Can Samba be used to pull down the complete account information from:
    * Primary Domain Controller Only ?
    * Or Will it also work with MS LDAP implementation (i.e. Active Directory) ?

    2) Do modules exist for Samba -- or other networking tools you might know -- that can be used to "synch" openLDAP with account information from NotesDomino as well ??

    3) Have you ever heard of pwsynch ?
    Do you -- or anyone in your circle of LDAP peers -- use utilities like pwsynch from the openSource community?

    I truly appreciate your attempt to help me......


    LVL 36

    Accepted Solution

    1) The 'net rpc vampire' command works through RPC calls so it works on the Windows networking method rather than an LDAP call and therefore should work on any domain controller (including Active Directory).

    2) LDAP is an open system. You might be able to install the Samba schema file in Notes and then have Samba query the same LDAP server. On the Samba server you could have OpenLDAP running as a slave (similar to a backup domain controller) so it keeps a copy and Samba can authenticate against that to reduce load and network traffic on the Notes server. This is theoretical only and depends how much configuration you can perform on the Notes system.

    3) No, I haven't but I have bookmarked the page for future reference :)

    If you wish to award partial points you can post a question in the community support area asking for the points to be reduced.
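As an added illustration of the Samba/OpenLDAP combination grblades describes (constructed for this page, not posted in the thread), here is a minimal Samba 3-era smb.conf for a box acting as an NT4-style backup domain controller with OpenLDAP as its account database, followed by the commands that pull the domain accounts down and re-run the sync hourly. The domain name CORP, the hosts PDC01 and LDAPSYNC, the suffix dc=example,dc=com and the file paths are placeholders; the slapd on the same box is assumed to already load samba.schema.

```ini
# /etc/samba/smb.conf -- Samba 3 as an NT4-style BDC backed by OpenLDAP
# (constructed example; CORP, PDC01, LDAPSYNC and dc=example,dc=com are placeholders)
[global]
    workgroup        = CORP
    netbios name     = LDAPSYNC
    security         = user
    # BDC role: takes part in the domain but never claims the master role
    domain logons    = yes
    domain master    = no
    local master     = no
    preferred master = no

    # Account database lives in OpenLDAP (slapd must include samba.schema)
    passdb backend      = ldapsam:ldap://127.0.0.1
    ldap suffix         = dc=example,dc=com
    ldap admin dn       = cn=Manager,dc=example,dc=com
    ldap user suffix    = ou=Users
    ldap group suffix   = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix   = ou=Idmap
    # Never send the admin DN bind or the account hashes over plain LDAP
    ldap ssl            = start tls
    # Keep userPassword in step with the NT hashes Samba writes
    ldap passwd sync    = yes

# One-time setup, run as root on the Samba box:
#   smbpasswd -w 'ldap-admin-password'          # store the admin dn password in secrets.tdb
#   net rpc getsid -S PDC01                      # adopt the existing domain SID
#   net rpc join -S PDC01 -U Administrator       # join CORP as a BDC
#   net rpc vampire -S PDC01 -U Administrator    # initial pull of users, groups and machines
#
# Hourly re-sync from /etc/cron.d/samba-vampire; the credentials sit in a
# root-only file read via net's -A option, never on the cron line itself:
#   0 * * * * root net rpc vampire -S PDC01 -A /etc/samba/vampire.creds >> /var/log/samba/vampire.log 2>&1
```

The credentials file uses the same `username =`, `password =` and `domain =` lines as smbclient's -A file, and should be mode 0600 and owned by root, since it holds a domain administrator's password.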

    Author Comment

    I really appreciate your help grblades.....
    Thanks very much......

    Take Care
