Active Directory and OpenLdap


marcel

At the moment we are using a big amount of UNIX servers and
workstations (mostly Linux and Sun Solaris). We also need to implement
a W2K-environment with an Active Directory.
From this Active Directory we still want to use our
user-administration which is in an OpenLdap-directory on UNIX.
I would like to have experiences from other people who implemented a
construction like this.

Thanks in advance,
Marcel
 
Marcel,
I think you will find SimpleSync from CPS Systems easy to use to synchronize
between your AD and OpenLDAP. Cost for this 2 directory sync is $9,985,
including first year of support and upgrades. With SimpleSync you do not
add a new directory - you just read from one and write to the other. All
attribute mapping is in simple text files.
For more information and to download an evaluation copy of SimpleSync,
please visit www.cps-systems.com .
If you would prefer to see SimpleSync 'live', please contact me at
(e-mail address removed) for a web demo using GoToMyPC or TightVNC.
Thank you for your time,
Jerry Welch
CPS Systems
US/Canada: 1 888 666 0277
International: +1 703 827 0919 (-5 GMT)
www.cps-systems.com
 
Since you've asked, here's what we do (though it's probably impractical for
your organization)...

All our user information is stored in a MySQL (I think... not sure) database
on a unix server. Any administrative actions happen through the web
interface to the accounts database (everything from new users to changing
passwords to quota changes). The web interface generates separate "dispatch"
files for each OS every time a change is made. Currently there is a
dispatch for Windows and Unix (the Linux team has managed to use the unix
dispatch file).

Every hour (runs as a cron job, or AT task), a service account scps the
dispatch file from the server and makes all the necessary changes for each
OS. This is done with perl on the Unix side, and a combination of perl and
.cmd scripts on Windows. We have trained all our administrators to make
changes through the web interface so the accounts database doesn't get out
of sync. When users change their passwords, they are told their Windows and
Unix passwords will be different (unless they make them the same). For now,
users have separate unix and Windows homedirs, though they can access either
homedir from both OSes. We're exploring possibilities for homedir
integration.

\\ MadDHatteR
 