[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Something about Lotus Domino and (Open)LDAP



----- Original Message -----
From: "Michael Fuller" <fullerms@hotmail.com>
To: "Markus Schabel" <markus.schabel@tgm.ac.at>
Cc: <openldap-software@OpenLDAP.org>
Sent: Thursday, June 06, 2002 9:35 AM
Subject: Re: Something about Lotus Domino and (Open)LDAP


> Hi all,
>
> > I'll run 4 samba-domain-controllers with LDAP-authentification, also web-,
> ftp-
> > and ssh-authentification on different servers, and smtp/pop/imap
> > authentification on the mailserver. I think it would be best, to use
> Domino only
> > as source for LDAP-replication, and local LDAP-Servers each
> domain-controller.
>
> True. I considered integrating Domino Authentication with Windows and using
> a setup as mentioned above. But, that will get me into Windows licensing
> issues. Now, I am using the Domino address book to authenticate users, so i
> dont have to buy a Windows server CAL for every mail user. But If I
> integrate Domino authentication with Window accounts, each mail user in
> effect becomes a Windows user, involving CAL costs which my budget will not
> permit.
>
> Is it possible to integrate Domino on Linux platform with Linux
> authentication ? That way all my mail users will be Linux users, and there
> will be no CALs involved.

We try to run all authentication over LDAP, with pam_ldap you can authenticate
your linux-users against LDAP, which is sufficient for (postfix)-mailboxes oder
Maildirs, and you can also use pam_ldap for authenticating pop/imap users
(running courier-pop, courier-imap). Our Domino runs on a debian system, as our
OpenLDAP, the only problem is, that I have to replicate the Domino-LDAP to
OpenLDAP, and then everything should run fine. At the moment we run Domino to
"play with", and OpenLDAP for authentication, but we'd prefer using Domino for
administration, replicate data to OpenLDAP for authentication.

regards
Markus

> Thanks and regards,
> Michael Fuller
>
> ----- Original Message -----
> From: "Markus Schabel" <markus.schabel@tgm.ac.at>
> To: <openldap-software@OpenLDAP.org>
> Cc: "Michael Fuller" <fullerms@hotmail.com>; "Jan-Piet Mens"
> <jpm@Retail-SC.com>
> Sent: Thursday, June 06, 2002 12:54 PM
> Subject: Re: Something about Lotus Domino and (Open)LDAP
>
>
> >
> > ----- Original Message -----
> > From: "Michael Fuller" <fullerms@hotmail.com>
> > To: "Jan-Piet Mens" <jpm@Retail-SC.com>
> > Cc: <openldap-software@OpenLDAP.org>
> > Sent: Thursday, June 06, 2002 9:11 AM
> > Subject: Re: Something about Lotus Domino and (Open)LDAP
> >
> >
> > > Hi all,
> > >
> > > > Why ? Why don't you just use the Domino LDAP task for authentication,
> i.e.
> > > point
> > > > your freeradius and Squid to the hostname of the Domino server ? It'll
> > > save you
> > > > headaches...
> > >
> > > True, but my Domino server will be hit with radius and squid
> authentication
> > > requests also. I would like to move that part to a different server.
> > > Moreover, my domino server will become a single point of failure for all
> > > network services. AND, budgets dictate that I cannot install another
> domino
> > > server with LDAP services.
> >
> > I'll run 4 samba-domain-controllers with LDAP-authentification, also web-,
> ftp-
> > and ssh-authentification on different servers, and smtp/pop/imap
> > authentification on the mailserver. I think it would be best, to use
> Domino only
> > as source for LDAP-replication, and local LDAP-Servers each
> domain-controller.
> >
> > Markus
> >
> > > If I can replicate from Domino it would serve my purpose. Or better
> still,
> > > if I can populate my domino addres book through LDAP, nothing like it.
> > >
> > > Regards and thanks in advance,
> > > Michael Fuller
> > >
> > > ----- Original Message -----
> > > From: "Jan-Piet Mens" <jpm@Retail-SC.com>
> > > To: "Michael Fuller" <fullerms@hotmail.com>
> > > Cc: <openldap-software@OpenLDAP.org>
> > > Sent: Thursday, June 06, 2002 12:15 PM
> > > Subject: Re: Something about Lotus Domino and (Open)LDAP
> > >
> > >
> > > > On Thu, 6 Jun 2002, Michael Fuller wrote:
> > > >
> > > > > A related question here. I have a Domino Server Version 4.6
> installed on
> > > > > windows NT 4.0.
> > > >
> > > > My answers are based on R5 but they could apply to 4.6 as well; I
> don't
> > > know.
> > > >
> > > > > This is my requirement:
> > > > >
> > > > > 1.  I want to replicate the user database to OpenLdap on Red Hat 7.3
> for
> > > use
> > > > > with freeradius and squid proxy for           authentication and
> > > > > authorisation..
> > > >
> > > > Why ? Why don't you just use the Domino LDAP task for authentication,
> i.e.
> > > point
> > > > your freeradius and Squid to the hostname of the Domino server ? It'll
> > > save you
> > > > headaches...
> > > >
> > > > ...
> > > > > 4.  I need to give the users access to change their passwords.
> > > >
> > > > No problem. If a user has bound to Domino correctly, she can change
> the
> > > > userpassword attribute which sets the Internet password in the Domino
> > > directory (NAB).
> > > >
> > > >
> > > >
> > > >
> > >
> >
> >
> >
>