
Re: choose AD or LDAP



[I sent to a mailing list, I expect the thread to continue there]

Quoting "cody wang" <codywang@clunet.edu>:

> I am sorry that I am confused. So, if I have SFU, I can just keep AD run
> with OpenLDAP server at the same for the same login/password for each user?
> In that case, where is the database? In AD or LDAP? What is LDAP acting at
> this point? I have solved the issue for our unix platform(Tru64/linux) by
> use OpenLDAP but now facing Windows platform and have AD exist, I hope that
> I can do cross platform authentication and also keep AD. So, this is
> possible?

Why are you deploying two similar databases!? If you already have OpenLDAP,
why don't you use that instead of AD?

If you _MUST_ have two databases (AD and OpenLDAP) for whatever reason,
then synchronize the data between them... If I'm not mistaken the howto
at ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf deals with this...

> -----Original Message-----
> From: Turbo Fredriksson <turbo@bayour.com>
> To: openldap-software@OpenLDAP.org <openldap-software@OpenLDAP.org>
> Date: August 9, 2003 AM 09:26
> Subject: Re: choose AD or LDAP
> 
> 
> Quoting "cody wang" <codywang@clunet.edu>:
> 
> > As I am also deploying OpenLDAP, I have some dilemma situation because
> > we use Microsoft Active Directory. I have read about LDAP System
> > Administration by O'Reilly Carter that Microsoft Active Directory
> > doesn't support PAM module
> 
> This is rubbish. It's perfectly possible, I have done so myself on two
> occasions (for a customer that couldn't/wouldn't change to OpenLDAP).
> 
> You need the SFU (Microsoft Services For Unix - free 30 day demo on
> the M$ site). Other than that, it's reasonably easy to configure LibNSS-LDAP
> and LibPAM-LDAP to use AD (you have to take advantage of the attribute
> setup - nss_map_{objectclass,attribute}).
> 
> > so we only have to either choose AD or
> > LDAP for our one login/password. Since they cannot exist at the same
> > time, what are people choice? Any idea would appreciate.
> 
> You're asking on an OpenLDAP list what people choose to run!? :)
> 
> 
> In reality, if you CAN change then change. OpenLDAP is WAY faster on
> exactly the same hardware than AD. But sometimes you just CAN'T change,
> so solve the issues/problems with what you have...
> 
> 
-- 
killed North Korea ammonium nitrate CIA 767 Mossad FSF Semtex tritium
kibo supercomputer quiche Ortega Peking
[See http://www.aclu.org/echelonwatch/index.html for more about this]
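
An added illustration of the nss_map_{objectclass,attribute} setup mentioned in the quoted message; it is not part of either poster's mail. It assumes the PADL nss_ldap/pam_ldap shared ldap.conf and the SFU 3.x schema extension (msSFU30* attributes); the host name, base DN, bind account and CA path are placeholders.

```conf
# /etc/ldap.conf, read by both nss_ldap and pam_ldap (added example).
# dc1.example.com, dc=example,dc=com, nss-proxy and the CA path are placeholders.

uri ldaps://dc1.example.com/
base dc=example,dc=com
ldap_version 3
scope sub

# AD refuses anonymous searches by default, so lookups need a bind account.
# This file is normally world-readable (every process doing NSS lookups
# reads it), so give the account read-only rights and nothing else.
binddn cn=nss-proxy,cn=Users,dc=example,dc=com
bindpw REPLACE_ME

# pam_ldap sends the user's password over this connection:
# encrypt it and verify the domain controller's certificate.
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ad-ca.pem

# Map the RFC 2307 names nss_ldap expects onto the AD / SFU schema.
# Assumption: SFU 3.x attribute names; other SFU versions name them differently.
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute uniqueMember msSFU30PosixMember

# pam_ldap: find the user by the SFU login name, then bind as that user
# so the domain controller itself checks the password.
pam_login_attribute msSFU30Name
pam_filter objectclass=User
pam_password ad
```

Only AD accounts that have the SFU attributes populated will resolve through these mappings.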