LDAP REcommendations? ( was RE: LDAP, DNS, DHCP etc "integration" )
Haarsma, Michael (SAPOL)
michael.haarsma at police.sa.gov.au
Thu Oct 5 01:55:57 CST 2006
Sorry I confused the issue a little.
You can get Windows to authenticate directly to eDirectory, not to SAMBA
if you want. Or you can get it to authenticate to SAMBA which in turn
passes its auth to eDirectory.
With OpenLDAP you can do the latter, but if you want to do the former you
need to modify the Windows GINA (not really good practice).
I should have made it more clear (sorry rushed post).
Email me off-list if you would like help.
Cheers Michael
> -----Original Message-----
> From: Jon Soong [mailto:Jon.Soong at imvs.sa.gov.au]
> Sent: Thursday, 5 October 2006 11:43 AM
> To: Jon.Soong; linuxsa; Haarsma, Michael (SAPOL)
> Subject: RE: LDAP REcommendations? ( was RE: LDAP, DNS, DHCP
> etc "integration" )
>
>
> >Yes eDirectory. http://www.novell.com/products/edirectory/ supported on
> >SLES, Red Hat. FDS/RDS has limited management tools and you can't
> >natively get windows boxes to authenticate to it, you need to go gina
> >hacks to make it work. With eDirectory, you just install the Novell
>
> Ok thanks. I'm not quite sure what you mean by 'natively get
> windows boxes to authenticate to it' ?? we have windows boxes
> auth'ing against our openLDAP/samba set up with no additional
> software?
>
> >Ie if you have a user at Coober Pedy, Mt Gambier doesn't need to know
> >that they have just changed their middle initial. Only the master
> >replica and sites that may potentially have that user interact with it
> >need to know. This reduces server load and replication traffic.
>
> Oh ok, that's nice..
>
> >I suspect that your 3-4 people maintaining your 20 LDAP slaves could be
> >reduced to 1 or 2, and you could do far more funky things.
>
> Oh I meant more that 3-4 people maintain our dns/dhcp/ldap
> configurations and it works quite well keeping it all in cvs.
> :) :) as far as spending time on it goes, the main problem I
> have with openLDAP is schema changes, which eDirectory looks
> like it will solve.
>
> Thanks for the advice, will look into it
>
> J
>