Re: [SLUG] Any Active Directory LDAP gurus?
For a perspective of OpenLDAP, OpenSSL, Digest-MD5 (Cyrus-SASL), and Kerberos5 (GSSAPI) all integrated into one, you may check this web site: http://sites.google.com/site/openldaptutorial/Home

I even have a script to enable a setup of Kerberized OpenLDAP on Fedora 10. Let me know if you want it. I will email the script. With this script you can set up in no time. The time-consuming part is to understand how the bits and pieces hang together.

One observation on OpenLDAP. OpenLDAP changes a number of options during each version. Some of these changes are 'brutal'. Even then OpenLDAP is fast and simple to maintain once you have it going.

Another observation, OpenLDAP is ideal for Single Sign On across many OS platforms, mainly due to ease of replication and/or mirroring.

The most important point, OpenLDAP is open source as well as the other frameworks you can integrate with it, like OpenSSL, Oracle DB (formerly Sleepy Cat), Cyrus-SASL, and Kerberos5 (MIT or Heimdal). Samba works well with it.

On Wed, Mar 18, 2009 at 9:43 PM, David Kempe wrote:
>> What I really need to know sooner rather than later is what data I need
>> to store in our postgresql database. IE what the LDAP schema is. We can
>> work out the other bits later.
>
> if you have an AD server you can point an LDAP browser at it and see the
> structure/schema
>
> In terms of making your application an Active Directory server, you need to
> be on top of DNS, Kerberos and LDAP to have even a chance of getting it to
> work. Samba 4 has taken years, even with help from MS (eventually)
>
>> Also would be interested in finding other products (open or not) that do
>> this running on Ubuntu Hardy preferably.
>
> not sure exactly what you are trying to do... perhaps if Samba 4 does what
> you want, you don't need to worry. It should be able to be backended onto
> your database with some wrangling so perhaps you don't need to do anything -
> just store your auth info in the database and deal with getting samba 4 to
> auth to it.
> If you want some other more detailed discussions, feel free to contact me off
> list or give me a call.
>
> thanks
> Dave
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Any Active Directory LDAP gurus?
> What I really need to know sooner rather than later is what data I need
> to store in our postgresql database. IE what the LDAP schema is. We can
> work out the other bits later.

if you have an AD server you can point an LDAP browser at it and see the structure/schema

In terms of making your application an Active Directory server, you need to be on top of DNS, Kerberos and LDAP to have even a chance of getting it to work. Samba 4 has taken years, even with help from MS (eventually)

> Also would be interested in finding other products (open or not) that do
> this running on Ubuntu Hardy preferably.

not sure exactly what you are trying to do... perhaps if Samba 4 does what you want, you don't need to worry. It should be able to be backended onto your database with some wrangling so perhaps you don't need to do anything - just store your auth info in the database and deal with getting samba 4 to auth to it.

If you want some other more detailed discussions, feel free to contact me off list or give me a call.

thanks
Dave
Re: [SLUG] Any Active Directory LDAP gurus?
On Wed, Mar 18, 2009 at 12:45:41PM +1100, Grant Parnell wrote:
[snip]
> Like, I started here...
> http://msdn.microsoft.com/en-us/library/ms675085(VS.85).aspx

have a look here http://www.padl.com/

> Also would be interested in finding other products (open or not) that do
> this running on Ubuntu Hardy preferably.
>
> --
> Grant Parnell | Muli Management Pty Ltd | T: 02 9487 3241 | 124 Fox Valley Rd Wahroonga NSW 2076 |

--
"Will the highways on the Internet become more few?" - George W. Bush 01/29/2000 Concord, N.H.
Re: [SLUG] Any Active Directory LDAP gurus?
On Wed, 18 Mar 2009, Grant Parnell wrote:

> I've not really dealt with LDAP much but for the application I'm writing it will need to act as an Active Directory Server at some stage in the future. We have our own database of people and when we set login='Yes' we need to create the user account and apparently a heap of other stuff such that people using Windows workstations can now login to the domain, email, proxy, ... etc with those credentials. I have it already doing the standard unix login with no LDAP. ie /etc/passwd, /etc/group, /etc/shadow.
>
> I appreciate that this is a LOT of stuff and there is the possibility of payment to get this done. Haven't run it by the boss yet but from a time perspective it would take me far too long.
>
> What I really need to know sooner rather than later is what data I need to store in our postgresql database. IE what the LDAP schema is. We can work out the other bits later.
>
> I have done a little research and am now more confused than ever.. Like, I started here... http://msdn.microsoft.com/en-us/library/ms675085(VS.85).aspx
>
> Also would be interested in finding other products (open or not) that do this running on Ubuntu Hardy preferably.

OpenLDAP
Sun JES5
OpenDirectory

Are all products that will run on Linux that will do LDAP v3 better than AD ever could. The AD schemas are pretty much set up for MS systems, so you need to ensure that whatever product you install/deploy that it contains the right schemas ie in the case of AD, you would want to extend the schema to include posix objectclass and attributes or you would not be able to store UNIX passwd information properly.

Also, if you want to do "LDAP-like" authentication, perhaps you could use MySQL/Postgres in combination with PAM to create a backend that will provision users for your applications.

rachel

--
Rachel Polanskis
Kingswood, Greater Western Sydney, Australia
gr...@zeta.org.au
http://www.zeta.org.au/~grove/grove.html
The price of greatness is responsibility.
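The reply above notes that a directory needs the posix objectclass and attributes to hold UNIX passwd information, and the original question asks what data to store. The following is an added example, not part of any post in this thread: it maps rows flagged login='Yes' plus their /etc/passwd fields to LDIF entries using the RFC 2307 `posixAccount` class alongside `inetOrgPerson`. The table column names, sample users and `BASE_DN` are constructed assumptions.

```python
import base64
import re

# Constructed sample data: hypothetical people-table rows, passwd lines, placeholder DN.
PEOPLE = [
    {"uid": "gparker", "login": "Yes", "given": "Gina", "sn": "Parker"},
    {"uid": "tlee", "login": "No", "given": "Tom", "sn": "Lee"},
    {"uid": "jmuller", "login": "Yes", "given": "Jörg", "sn": "Müller"},
]
PASSWD = ("gparker:x:1001:1001:Gina Parker:/home/gparker:/bin/bash\n"
          "jmuller:x:1002:1002:Joerg Mueller:/home/jmuller:/bin/sh\n")
BASE_DN = "ou=People,dc=example,dc=com"
# Strict login-name pattern: rejecting ',', '=', '+' keeps a name from altering the DN.
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def ldif_line(attr, value):
    """Emit one LDIF line; values that are not safe strings are base64-encoded (RFC 2849)."""
    value = str(value)
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def to_entry(person, fields):
    """Build a posixAccount + inetOrgPerson entry from a DB row and its passwd fields."""
    name, _pw, uid_no, gid_no, _gecos, home, shell = fields
    if not UID_RE.fullmatch(name):
        raise ValueError(f"unsafe login name: {name!r}")
    attrs = [("dn", f"uid={name},{BASE_DN}"),
             ("objectClass", "inetOrgPerson"), ("objectClass", "posixAccount"),
             ("uid", name), ("cn", f"{person['given']} {person['sn']}"),
             ("sn", person["sn"]), ("givenName", person["given"]),
             # posixAccount requires cn, uid, uidNumber, gidNumber, homeDirectory.
             ("uidNumber", int(uid_no)), ("gidNumber", int(gid_no)),
             ("homeDirectory", home), ("loginShell", shell)]
    # The password field is "x" here: hashes live in /etc/shadow and are not exported.
    return "\n".join(ldif_line(a, v) for a, v in attrs)

def export_ldif(people, passwd_text):
    """Export only rows with login='Yes' that have a well-formed passwd line."""
    passwd = {l.split(":")[0]: l.split(":") for l in passwd_text.splitlines() if l}
    entries = []
    for person in (p for p in people if p["login"] == "Yes"):
        fields = passwd.get(person["uid"])
        if fields is None or len(fields) != 7:
            raise ValueError(f"no usable passwd line for {person['uid']!r}")
        entries.append(to_entry(person, fields))
    return "\n\n".join(entries) + "\n"
```

Calling `export_ldif(PEOPLE, PASSWD)` returns two entries; the non-ASCII names come out as base64 (`cn:: ...`), and the row with login='No' is skipped.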
[SLUG] Any Active Directory LDAP gurus?
I've not really dealt with LDAP much but for the application I'm writing it will need to act as an Active Directory Server at some stage in the future. We have our own database of people and when we set login='Yes' we need to create the user account and apparently a heap of other stuff such that people using Windows workstations can now login to the domain, email, proxy, ... etc with those credentials. I have it already doing the standard unix login with no LDAP. ie /etc/passwd, /etc/group, /etc/shadow.

I appreciate that this is a LOT of stuff and there is the possibility of payment to get this done. Haven't run it by the boss yet but from a time perspective it would take me far too long.

What I really need to know sooner rather than later is what data I need to store in our postgresql database. IE what the LDAP schema is. We can work out the other bits later.

I have done a little research and am now more confused than ever.. Like, I started here... http://msdn.microsoft.com/en-us/library/ms675085(VS.85).aspx

Also would be interested in finding other products (open or not) that do this running on Ubuntu Hardy preferably.

--
Grant Parnell | Muli Management Pty Ltd | T: 02 9487 3241 | 124 Fox Valley Rd Wahroonga NSW 2076 |