Re: A Few Questions
>Hello, everyone. I've been using OpenLDAP for a little while, and I'm
>starting to hit a few sticking points, so I've subscribed to the list in
>the hopes a few experienced souls will be able to lend me a hand.
>First, is it possible to configure OpenLDAP in a master/slave relationship
>similar to NIS (or DNS or Sendmail)?
>I know I can use slurpd to replicate
>the LDAP directory, but I'd like queries to be sent to my primary LDAP
>server, and only use the slave server if the master goes down. DNS round
>robin won't work, because it will rotate between servers (which will fail
>50% of the time).
I think you need to look for some load-balancing or clustering solution
(Turbo Linux?) to do this. slapd as far as I know does not have a "fail
over" method, which is what it sounds like you are actually looking for.
>Second, is there a good resource somewhere with a list and explanation of
>the attributes which can be implemented in the directory (aside from
>scouring the RFCs and Google)? What I'd really like to find is a table
>with something like:
> attribute     type            description (and possibly example)
> ----------    -------         ----------------------------------
> uidNumber     integer         Unix UID used by nsswitch/pam_ldap
> userPassword  crypted string  Unix password in crypt form, e.g.
>                               {crypt}$1$iInQQgss$ddfds342U7a/
>                               (must begin with {crypt}!)
No such document exists, AFAIK. Sad. I cover some of this in my LDAP
presentation, and I hope to add more, but it is FAR from exhaustive.
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
>etc, etc. I've so far implemented LDAP for a corporate directory and Unix
>authentication/nss, but it's been terribly difficult finding a useful
>list of attributes so that I could implement it.
Yes, it is.
>Which brings up my last question. Is there a good reference on using LDAP
>for Windows NT and/or 2000 authentication?
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
>I've heard this is possible,
>but I haven't found any good resources on it. This, of course, would be
>the holy grail - allowing me to get rid of the Windows DCs and use LDAP as
>a central authentication mechanism.
Yes, it is very nice.