RE: password synchronization
Is there an OpenLDAP interface (perhaps perl-backend) that will allow me to
intercept LDAP password changes so that I can distribute the changes to all
my other systems (assume I have the tools to update the other systems'
passwords)?
For example, I could write a Perl script to check the password strength and
then update all my other systems and LDAP. Where/how can I slot this script
into OpenLDAP?
--
Simon Oliver
> -----Original Message-----
> From: Howard Chu [mailto:hyc@highlandsun.com]
> Sent: 31 March 2004 10:28
> To: 'Simon Oliver'; OpenLDAP-software@OpenLDAP.org
> Subject: RE: password synchronization
>
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Simon Oliver
>
> > I have a heterogeneous network. I want to use LDAP as the "truth" for
> > account data/credentials.
> >
> > I need a system for two-way synchronization of password changes
> > between the various systems (NT domain, Samba, SQL Database, UNIX PAM,
> > etc), using LDAP as the master.
> >
> > I can install a password filter on the NT PDC to update LDAP passwords
> > and I believe there are PAM options to do this for UNIX.
>
> Since none of these items you list are themselves pieces of
> OpenLDAP software, the relevance to this list seems pretty
> low. It might be more appropriate for the general LDAP list
> (ldap@umich.edu).
>
> Most of the systems you're interested in already have LDAP
> support, so solving those is a no-brainer. E.g. PADL's
> pam_ldap for Unix PAM, Samba already has native LDAP support.
> Since they reference LDAP directly there is no
> synchronization tool required.
>
> SQL Database - there are so many different SQL databases, and
> the answer depends on which specific one you want. I note
> that Symas has LDAP agents that allow management of Oracle
> and Informix accounts. We also have another agent for
> managing NT PDCs via LDAP. In these cases, synchronization is
> a simple matter of replication from an OpenLDAP master to
> each of these agents.
>
> > What I need is an OpenLDAP tool/interface to update the other systems
> > as and when the LDAP password is changed. Any ideas?
>
> With the right infrastructure, OpenLDAP slurpd will do the
> updating. As for other tools/interfaces, all of Symas' agents
> are built using the OpenLDAP libraries. It's certainly
> feasible for you to write your own using OpenLDAP software.
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
>