
AD -> OpenLDAP sync and userPassword crypt



Two questions in one. First, I'm trying to figure out how difficult it will be to set up Active Directory on W2K to replicate its data to OpenLDAP. All we really need replicated is enough to build out /etc/passwd, /etc/shadow, and /etc/group files. I suspect the difficult part is getting the password out of SAM and into OpenLDAP in crypted form, though I'm guessing someone out there has done this.

Second, I need to dump the OpenLDAP data into /etc/passwd,shadow,group files on some AIX systems. PAM is a poor choice because connectivity is going to be an issue, and we're looking at roughly 200 remote sites with limited bandwidth. The goal is to dump the relevant data about once per day, but the tricky part is dumping the userPassword hash in a format which the OS can understand. I *suspect* {crypt} form will "just work", though I'm wondering if anyone can confirm or deny that (if not, does anyone have a good solution - cleartext in LDAP salted to a crypt hash?)

Thanks!

--
Geoff Silver					<geoff at uslinux dot net>
"If Bill Gates had a nickel for every time Windows crashed...
	Oh wait, he does"
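
An added example, not part of the original post: one way to turn directory entries whose userPassword uses the RFC 2307 `{crypt}` scheme into passwd- and shadow-format lines, skipping any entry whose hash is in another scheme. It assumes posixAccount attributes, simple ldapsearch-style LDIF, and the standard colon-delimited passwd/shadow layouts; the sample entries and hash values are constructed. The target OS can only use the emitted hash if its crypt() implements the same algorithm that produced it.

```python
import base64

# Constructed sample: two RFC 2307 posixAccount entries as ldapsearch-style LDIF.
# The hash and the {SSHA} value are placeholders, not real credentials.
_B64 = base64.b64encode(b"{crypt}abCONSTRUCTED").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\n"
    "uid: alice\nuidNumber: 1001\ngidNumber: 100\n"
    "homeDirectory: /home/alice\nloginShell: /bin/ksh\n"
    "userPassword:: " + _B64 + "\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\n"
    "uid: bob\nuidNumber: 1002\ngidNumber: 100\n"
    "homeDirectory: /home/bob\nloginShell: /bin/ksh\n"
    "userPassword: {SSHA}Q09OU1RSVUNURUQ=\n"
)
FIELDS = ("uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell")

def parse_ldif(text):
    """Parse simple LDIF (assumes no folded lines, one value per attribute)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode()
            entry[attr] = value.strip()
        entries.append(entry)
    return entries

def crypt_hash(user_password):
    """Return the bare crypt(3) string for a {crypt} value, else None."""
    scheme, brace, rest = user_password.partition("}")
    if brace and scheme.lower() == "{crypt" and rest:
        return rest
    return None

def build_files(entries):
    """Return (passwd_lines, shadow_lines, skipped_uids)."""
    passwd, shadow, skipped = [], [], []
    for e in entries:
        h = crypt_hash(e.get("userPassword", ""))
        vals = [e.get(f, "") for f in FIELDS]
        # Skip non-crypt schemes, missing fields, and values containing a
        # separator that would corrupt a colon-delimited file.
        if h is None or not all(vals) or any(":" in v or "\n" in v for v in vals + [h]):
            skipped.append(e.get("uid", "?"))
            continue
        uid, uidn, gidn, home, shell = vals
        passwd.append(f"{uid}:x:{uidn}:{gidn}::{home}:{shell}")
        shadow.append(f"{uid}:{h}" + ":" * 7)  # remaining aging fields left empty
    return passwd, shadow, skipped
```

The skipped list is worth logging on each daily run, since an account stored under a scheme other than `{crypt}` would otherwise silently vanish from the generated files.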