
Re: A Few Questions



>Hello, everyone.  I've been using OpenLDAP for a little while, and I'm
>starting to hit a few sticking points, so I've subscribed to the list in
>the hopes a few experienced souls will be able to lend me a hand.
>First, is it possible to configure OpenLDAP in a master/slave relationship
>similar to NIS (or DNS or Sendmail)?  
>I know I can use slurpd to replicate
>the LDAP directory, but I'd like queries to be sent to my primary LDAP
>server, and only use the slave server if the master goes down.  DNS round
>robin won't work, because it will rotate between servers (which will fail
>50% of the time).

I think you need to look for some load-balancing or clustering solution
(Turbo Linux?) to do this.  slapd as far as I know does not have a "fail
over" method, which is what it sounds like you are actually looking for.

>Second, is there a good resource somewhere with a list and explanation of
>the attributes which can be implemented in the directory (aside from
>scouring the RFCs and Google)?  What I'd really like to find is a table
>with something like:
>	attribute	type		description (and possibly example)
>	----------	-------		----------------------------------
>	uidNumber	integer		Unix UID used by nsswitch/pam_ldap
>	userPassword	crypted string	Unix password in crypt form, e.g.
>					  {crypt}$1$iInQQgss$ddfds342U7a/
>					  (must begin with {crypt}!)

No such document exists, AFAIK.  Sad.  I cover some of this in my LDAP
presentation, and I hope to add more,  but it is FAR from exhaustive.
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

>etc, etc.  I've so far implemented LDAP for a corporate directory and Unix
>authentication/nss, but it's been terribly difficult finding a useful
>list of attributes so that I could implement it.

Yes, it is.

>Which brings up my last question.  Is there a good reference on using LDAP
>for Windows NT and/or 2000 authentication?  

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

>I've heard this is possible,
>but I haven't found any good resources on it.  This, of course, would be
>the holy grail - allowing me to get rid of the Windows DCs and use LDAP as
>a central authentication mechanism.

Yes, it is very nice.