fmisa
asked on
openLDAP - Usage/Best-Practice in heterogeneous network linux/win2000
Hi All - LDAP/MSNetworking Gurus....
Hope someone here can direct me to resources (and relay some experience) actually using openLDAP in a production heterogeneous network -- linux/win2000.
My 3 -Questions:
-------------------------- -
1) What's the best resource out there (collection of links/resources with real examples) that will help me install an openLDAP instance (not just "general" talk about it) -- and synchronize with an existing Win2000-SAM / PrimaryDomainController ?
2) Can someone direct me to specific open-source technology -- combinations, names -- that where used (and worked) in production ?
I've already researched:
https://pwsynch.dev.java.net/
https://pwsynch.dev.java.net/pwsynchpres.html
http://www.ldapguru.org/modules/mylinks/visit.php?cid=7&lid=80
Also looked into: MKS AD4Unix - plug-in... but I don't think it's open source ?
3) I would like to setup an openLDAP instance (on a linux box) that synchronizes initially with a Win2000-SAM/PDC and later an MSActiveDirectory. I can setup SAMBA (as long as it's NOT the PDC) if it helps ? though I would prefer to synch. with the Microsoft world directly using open source tools/utilities.
I'll use this openLDAP instance to:
a) authenticate my Linux/Unix boxes -- using existing user passwords from the MS world.
b) authenticate all my WebApplications -- and ApplicationServer related needs
c) in future I would also like to synchronize with LotusDomino accounts and perhaps DB2 info.
BUT -- I would not want these sources of information to be replicated into the MS-SAM/PDC - or AD.
My team would like to start writing API's / authentication against LDAP -- but we don't want to wait for our company's ActiveServer implementation. Also -- we don't want to be manually maintaining all this LDAP user account info. -- we want to use "synchronization" tools that help us leverage the diverse sources of user account info. we've already got spread across our enterprise.
*** Now finally -- the last question -- is what I'm describing above possible, tested, documented ?? Is there somekind of documented roadmap I could follow with suggestions for utilities and tools ??
Really hoping someone can get me on the fast track with this.....
It's very easy to drown in all the information out there on this topic.
I'm looking for something clear, concise, proven -- hope I'm not dreaming ;))
Hope to hear from someone soon.....
Thanks
Frank
Hope someone here can direct me to resources (and relay some experience) actually using openLDAP in a production heterogeneous network -- linux/win2000.
My 3 -Questions:
--------------------------
1) What's the best resource out there (collection of links/resources with real examples) that will help me install an openLDAP instance (not just "general" talk about it) -- and synchronize with an existing Win2000-SAM / PrimaryDomainController ?
2) Can someone direct me to specific open-source technology -- combinations, names -- that where used (and worked) in production ?
I've already researched:
https://pwsynch.dev.java.net/
https://pwsynch.dev.java.net/pwsynchpres.html
http://www.ldapguru.org/modules/mylinks/visit.php?cid=7&lid=80
Also looked into: MKS AD4Unix - plug-in... but I don't think it's open source ?
3) I would like to setup an openLDAP instance (on a linux box) that synchronizes initially with a Win2000-SAM/PDC and later an MSActiveDirectory. I can setup SAMBA (as long as it's NOT the PDC) if it helps ? though I would prefer to synch. with the Microsoft world directly using open source tools/utilities.
I'll use this openLDAP instance to:
a) authenticate my Linux/Unix boxes -- using existing user passwords from the MS world.
b) authenticate all my WebApplications -- and ApplicationServer related needs
c) in future I would also like to synchronize with LotusDomino accounts and perhaps DB2 info.
BUT -- I would not want these sources of information to be replicated into the MS-SAM/PDC - or AD.
My team would like to start writing API's / authentication against LDAP -- but we don't want to wait for our company's ActiveServer implementation. Also -- we don't want to be manually maintaining all this LDAP user account info. -- we want to use "synchronization" tools that help us leverage the diverse sources of user account info. we've already got spread across our enterprise.
*** Now finally -- the last question -- is what I'm describing above possible, tested, documented ?? Is there somekind of documented roadmap I could follow with suggestions for utilities and tools ??
Really hoping someone can get me on the fast track with this.....
It's very easy to drown in all the information out there on this topic.
I'm looking for something clear, concise, proven -- hope I'm not dreaming ;))
Hope to hear from someone soon.....
Thanks
Frank
ASKER
Thanks very much grblades....
That's a partial but really important piece of the puzzle for me.....
Thanks very much for posting a reply.......
I'll accept in full -- if you can complete the picture for me somewhat.....
Or I'll award partial points (if possible) and try to repost parts of this question in other forum sections that might be more appropriate ?? What do you think ?
1) Can Samba be used to pull down the complete account information from:
* Primary Domain Controller Only ?
* Or Will it also work with MS LDAP implementation (i.e. Active Directory) ?
2) Do modules exist for Samba -- or other networking tools you might know -- that can be used to "synch" openLDAP with account information from NotesDomino as well ??
3) Have you ever heard of pwsynch ?
https://pwsynch.dev.java.net/
Do you -- or anyone in your circle of LDAP peers -- use utilities like pwsynch from the openSource community?
I truly appreciate your attempt to help me......
Thanks
That's a partial but really important piece of the puzzle for me.....
Thanks very much for posting a reply.......
I'll accept in full -- if you can complete the picture for me somewhat.....
Or I'll award partial points (if possible) and try to repost parts of this question in other forum sections that might be more appropriate ?? What do you think ?
1) Can Samba be used to pull down the complete account information from:
* Primary Domain Controller Only ?
* Or Will it also work with MS LDAP implementation (i.e. Active Directory) ?
2) Do modules exist for Samba -- or other networking tools you might know -- that can be used to "synch" openLDAP with account information from NotesDomino as well ??
3) Have you ever heard of pwsynch ?
https://pwsynch.dev.java.net/
Do you -- or anyone in your circle of LDAP peers -- use utilities like pwsynch from the openSource community?
I truly appreciate your attempt to help me......
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I really appreciate your help grblades.....
Thanks very much......
Take Care
Thanks very much......
Take Care
If you setup Samba talking to OpenLDAP you should be able to use the 'net rpc vampire' command to pull down the complete account information into LDAP. You could perhaps schedule it to run once an hour or so.