Re: Q: Co-existence of OpenLDAP and 389 Directory Server?
- To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
- Subject: Re: Q: Co-existence of OpenLDAP and 389 Directory Server?
- From: MJ J <mikedotjackson@gmail.com>
- Date: Wed, 22 Aug 2018 06:16:52 +0300
- Cc: Openldap Technical <openldap-technical@openldap.org>
- In-reply-to: <5B7A9DD0020000A10002CDF6@gwsmtp1.uni-regensburg.de>
- References: <5B7A9DD0020000A10002CDF6@gwsmtp1.uni-regensburg.de>
389 DS is nowadays supporting the syncrepl protocol, so in theory it
_might_ work but I have not tried it.

The real question is why would anyone want to use BDB in 2018 when MDB
has already been around for more than a few years?

On Tue, Aug 21, 2018 at 11:09 PM Ulrich Windl
<Ulrich.Windl@rz.uni-regensburg.de> wrote:
>
> Hi!
>
> As stated some time ago the SUSE Linux Enterprise Server 15 (SLES15) switched from OpenLDAP to 389 Directory Server.
> Trying the latter, I see that it still works with BDB (4.8), and setup is easy. It also seems to have modern features like these:
>
> \n+Entry cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
> \n+Entry cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added
> \n+Entry cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added
> \n+Entry cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
> \n+Entry cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added
> \n+Entry cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added
> \n+Entry cn=PBKDF2_SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
>
> However I wonder if it's possible to integrate a 389DS (ns-slapd, http://www.port389.org/) into an OpenLDAP multi-master configuration. Definitely one cannot sync the configuration section, because it's too different.
>
> For example the ACL Syntax looks like this:
> (targetattr="carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)
>
> Regards,
> Ulrich