[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 440
  • Last Modified:

openLDAP - Usage/Best-Practice in heterogeneous network linux/win2000

Hi All - LDAP/MSNetworking Gurus....

Hope someone here can direct me to resources (and relay some experience) actually using openLDAP in a production heterogeneous network -- linux/win2000.

  My 3 -Questions:
---------------------------
1) What's the best resource out there (collection of links/resources with real examples) that will help me install an openLDAP instance (not just "general" talk about it) -- and synchronize with an existing Win2000-SAM / PrimaryDomainController ?

2) Can someone direct me to specific open-source technology -- combinations,   names -- that where used (and worked) in production ?

I've already researched:
   https://pwsynch.dev.java.net/
   https://pwsynch.dev.java.net/pwsynchpres.html
   http://www.ldapguru.org/modules/mylinks/visit.php?cid=7&lid=80
        Also looked into: MKS AD4Unix - plug-in... but I don't think it's open source ?

3) I would like to setup an openLDAP instance (on a linux box) that synchronizes initially with a Win2000-SAM/PDC and later an MSActiveDirectory.  I can setup SAMBA (as long as it's NOT  the PDC) if it helps ? though I would prefer to synch. with the Microsoft world directly using open source tools/utilities.
I'll use this openLDAP instance to:
   a) authenticate my Linux/Unix boxes --  using existing user passwords from the MS world.
   b) authenticate all my WebApplications -- and ApplicationServer related  needs
   c) in future I would also like to synchronize with LotusDomino accounts and perhaps DB2 info.
       BUT -- I would not want these sources of information to be replicated into the MS-SAM/PDC - or AD.
My team would like to start writing API's / authentication against LDAP -- but we don't want to wait for our company's ActiveServer implementation.  Also -- we don't want to be manually maintaining all this LDAP user account info. -- we want to use "synchronization" tools that help us leverage the diverse sources of user account info. we've already got spread across our enterprise.
*** Now finally -- the last question -- is what I'm describing above possible, tested, documented ?? Is there somekind of documented roadmap I could follow with suggestions for utilities and tools ??


Really hoping someone can get me on the fast track with this.....
It's very easy to drown in all the information out there on this topic.
I'm looking for something clear, concise, proven -- hope I'm not dreaming ;))

Hope to hear from someone soon.....

Thanks

Frank
0
fmisa
Asked:
fmisa
  • 2
  • 2
1 Solution
 
grbladesCommented:
I haven't done any syncronisation with LDAP on Windows and I dont know how easy or even if it is possible.

If you setup Samba talking to OpenLDAP you should be able to use the 'net rpc vampire' command to pull down the complete account information into LDAP. You could perhaps schedule it to run once an hour or so.
0
 
fmisaAuthor Commented:
Thanks very much grblades....

That's a partial but really important piece of the puzzle for me.....
Thanks very much for posting a reply.......

I'll accept in full -- if you can complete the picture for me somewhat.....
Or I'll award partial points (if possible) and try to repost parts of this question in other forum sections that might be more appropriate ?? What do you think ?

1) Can Samba be used to pull down the complete account information from:
* Primary Domain Controller Only ?
* Or Will it also work with MS LDAP implementation (i.e. Active Directory) ?

2) Do modules exist for Samba -- or other networking tools you might know -- that can be used to "synch" openLDAP with account information from NotesDomino as well ??

3) Have you ever heard of pwsynch ?
https://pwsynch.dev.java.net/
Do you -- or anyone in your circle of LDAP peers -- use utilities like pwsynch from the openSource community?


I truly appreciate your attempt to help me......

Thanks



0
 
grbladesCommented:
1) The 'net rpc vampire' command works through RPC calls so it works on the windows networking method rather than an LDAP call and therefore should work on any domain controller (including active directory).

2) LDAP is an open system. You might be able to install the samba schema file in Notes and then have Samba query the same LDAP server. On the Samba server you could have OpenLDAP running as a slave (similar to a backup domain controller) so it keeps a copy and Samba can authenticate against that to reduce load and network traffic on the notes server. This is theoretical only and depends how much configuration you can perform on the Notes system.

3) No I haven't but I have bookmarked the page for future reference :)

If you wish to award partial points you can post a question in the community support area asking for the points to be reduced.
0
 
fmisaAuthor Commented:
I really appreciate your help grblades.....
Thanks very much......

Take Care
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now