Though I did not implement the AD synch component of the iPlanet
directory server, it was capable of bi-directional synchronization with
AD. For the version I was working with, doing this implied you had to
run the iPlanet server with the AD synch component on Win 2K rather than
Solaris. Just have all the Unix boxen auth against the iPlanet directory
(does not have to be the instance running on 2K since you can use a
slave or multi-master instance running on Solaris).

I think the AD<->iPlanet synch functionality is now present in what
iPlanet calls the "Integration Edition" of their directory server.

Probably similar solutions from other vendors (including components to
synch with NIS if you must use it).

-- 
Jim Collins <[EMAIL PROTECTED]>

On Wed, 2002-10-30 at 08:19, Betsy Schwartz wrote:
> Is anyone here exploring synchronizing passwords between Active Directory, 
> Solaris, and LDAP?
> 
> I found some info on Microsoft's site about syncing Active Directory to NIS,
> ( http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/sfu/psync.asp ) using a PAM
> from Microsoft. I'd like to find someone who's actually *done* this.
> 
> The idea of plugging Microsoft security modules into Solaris just makes me 
> cringe.
> 
> And, LDAP is wanted for other reasons, so just using NIS might not be the 
> full solution.
> (doesn't matter which LDAP server)
> 
> If I understand this correctly, there's no way to get around Active 
> Directory on the Windows side. But I'd like to try to avoid making it the 
> master for the Unix side.
> 
> I'm interested in any thoughts or clues on this
> (this is all hypothetical right now)
> 
> 
> ---
> Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
> Mail administrative requests to `[EMAIL PROTECTED]'.


