Re: Openldap to AD
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Wed, 24 Jan 2007 19:48:33 -0500
How are the passwords stored in your OL implementation?
I'm thinking that it may be easier to at least one-way sync from OL to AD.
You could roll your own or purchase a 3rd party package. Products range in
price from free to inexpensive to blow your socks off expensive. Typically,
the really expensive ones will offer something that does password sync
bidirectionally.
Some products to check out would range from simplesync to MIIS to a full
blown solution such as CA's identity management suite.
Not sure which ones work best for you, but if your passwords are easily
accessible to administrators in your OL implementation, then I'd say two
things: 1) are you sure you want to sync passwords?
2) Really? Do you want to sync passwords or would it be better to do away
with one of the directories altogether and just standardize on the other? I
mean, with ADAM and AD combined, you can get the same effect without the
security concerns. For the most part, it does of course depend on your
specific needs.
Al
"DT" <DT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E4EBC28A-4832-46F9-829D-D721024B8DB0@xxxxxxxxxxxxxxxx
Right now we have two openldap servers, and an active directory domain,
which is where users authenticate their windows machines to. The openldap
servers are for other linux servers, which are mail, ftp, and web, which
has all the users data. These systems are not tied together at all right
now, the users have the same logins across the two different systems, but
we have to create the account in both places and change passwords in both
places. What I want is for when I create a new account on openldap to be
pushed to AD, and from there we could move it to a different OU or
whatever. I would also like to have the passwords in sync if that is
possible, both directions. So if a user changes their password on the
linux side or windows side, they sync.
Thanks again...
"Al Mulnick" wrote:
I'm interested in what you want to be able to do exactly? Sync and seed
are two different things to me; one is long term coexistence and the other
is a one time deal. In addition, what exactly do you want to get from OL
to AD? Just account information to be mapped? Are there any
transformations? What about the clients? How are they to be transitioned?
What is the final design going to look like?
Al
"DT" <DT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B42C6862-2FA0-4240-8820-6DAD5D295197@xxxxxxxxxxxxxxxx
I would like to be able to seed Active Directory, with all of my accounts
within openldap. So as accounts are created or modified within openldap,
they are propagated to active directory. Has anyone had any luck doing
this?