For a perspective of OpenLDAP, OpenSSL, Digest-MD5(Cyrus-SASL), and Kerberos5(GSSAPI) all integrated into one, you may check this web site
http://sites.google.com/site/openldaptutorial/Home I have even a script to enable a setup of Kerberized OpenLDAP on Fedora 10. Let me know if you want it. I will email the script. With this script you can setup in no time. The time consuming part is to understand how the bits and pieces hang together. One observation on OpenLDAP. OpenLDAP changes a number of options during each Version. Some of these changes are 'brutal'. Even then OpenLDAP is fast and simple to maintain once you have it going. Another observation, OpenLDAP is ideal for Single Sign On across many OS Platforms mainly due to ease of replication and/or mirroring. The most important point, OpenLDAP is open source as well as the other frameworks you can integrate with it, like OpenSSL, Oracle DB(formerly Sleepy Cat), Cyrus-SASL, and Kerberos5(MIT or Heimdal). Samba works well with it. On Wed, Mar 18, 2009 at 9:43 PM, David Kempe <[email protected]> wrote: > >> What I really need to know sooner rather than later is what data I >> need >> to store in our postgresql database. IE what the LDAP schema is. We >> can >> work out the other bits later. > > if you have an AD server you can point an LDAP browser at it and see the > structure/schema > > In terms of making your application an Active Directory server, you need to > be on top of DNS, Kerberos and LDAP to have even a chance of getting it to > work. Samba 4 has taken years, even with help from MS (eventually) > > >> Also would be interested in finding other products (open or not) that >> do >> this running on Ubuntu Hardy preferably. > > not sure exactly what you are trying to do... perhaps if Samba 4 does what > you want, you don't need to worry. It should be able to be backended onto > your database with some wrangling so perhaps you don't need to do anything - > just store your auth info in the database and deal with getting samba 4 to > auth to it. > If you want some other more detailed discussions, feel free to contact me off > list or give me a call. > > thanks > Dave > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
