AD -> OpenLDAP sync and userPassword crypt
Two questions in one. First, I'm trying to figure out how difficult it
will be to set up Active Directory on W2K to replicate its data to
OpenLDAP. All we really need replicated is enough to build out
/etc/passwd, /etc/shadow, and /etc/group files. I suspect the difficult
part is getting the password out of SAM and into OpenLDAP in crypted form,
though I'm guessing someone out there has done this.

Second, I need to dump the OpenLDAP data into /etc/passwd,shadow,group
files on some AIX systems. PAM is a poor choice because connectivity is
going to be an issue, and we're looking at roughly 200 remote sites with
limited bandwidth. The goal is to dump the relevant data about once per
day, but the tricky part is dumping the userPassword hash in a format
which the OS can understand. I *suspect* {crypt} form will "just work",
though I'm wondering if anyone can confirm or deny that (if not, does
anyone have a good solution - cleartext in LDAP salted to a crypt hash?)
Thanks!
--
Geoff Silver <geoff at uslinux dot net>
"If Bill Gates had a nickel for every time Windows crashed...
Oh wait, he does"
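
An added example, not part of the original post: one way the password step of the daily dump could be written, copying only `{crypt}` userPassword values into the hash field of a Linux-style shadow(5) line and locking every other scheme. The LDIF sample, the function names, and the nine-field shadow layout are assumptions; the hash strings are constructed placeholders.

```python
import base64
import re

# Constructed sample export; hash values are placeholders, not real hashes.
# "userPassword::" marks a base64-encoded value, as LDIF tools often emit.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
userPassword: {crypt}abCONSTRUCTED

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
userPassword:: %s

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
userPassword: {SSHA}Q09OU1RSVUNURUQ=
""" % base64.b64encode(b"{CRYPT}cdCONSTRUCTED").decode()

# Scheme prefix is matched case-insensitively; the hash may not contain ':'
# or whitespace, so a stored value cannot inject extra shadow fields.
CRYPT_RE = re.compile(r"\{crypt\}([A-Za-z0-9./$=,-]+)", re.IGNORECASE)
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]*")

def parse_ldif(text):
    """Yield (uid, userPassword) per entry. Folded LDIF lines are not handled."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            m = re.match(r"^([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
            if m:
                name, sep, value = m.groups()
                if sep == "::":
                    value = base64.b64decode(value).decode("utf-8", "replace")
                attrs[name.lower()] = value
        if "uid" in attrs:
            yield attrs["uid"], attrs.get("userpassword", "")

def shadow_line(uid, user_password):
    """Build one shadow(5)-style line; non-{crypt} values become locked ('!')."""
    if not NAME_RE.fullmatch(uid):
        raise ValueError("unsafe login name: %r" % uid)
    m = CRYPT_RE.fullmatch(user_password)
    return "%s:%s" % (uid, m.group(1) if m else "!") + ":" * 7

def export_shadow(ldif_text):
    return [shadow_line(uid, pw) for uid, pw in parse_ldif(ldif_text)]

if __name__ == "__main__":
    print("\n".join(export_shadow(SAMPLE_LDIF)))
```

Whether the target system's crypt(3) accepts the algorithm that produced a given hash still has to be checked on that system; the script only moves the string across unchanged.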