Date: Tue, 5 Jun 2001 16:44:43 -0700
From: dannyman
To: Sean Knox
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: LDAP support: iPlanet or OpenLDAP?
Message-ID: <20010605164442.G20416@dell.dannyland.org>

On Tue, Jun 05, 2001 at 04:20:29PM -0700, Sean Knox wrote:
> You mentioned replacing your current LDAP solution with OpenLDAP... any
> gotchas thus far? Conventional wisdom you can share? I completely agree
> about the need to just dive into LDAP to understand it all... I have a copy
> of Mark Wilcox's "Implementing LDAP" which I am still reading, as well as
> combing through the FAQs and docs on www.openldap.org. Any books you
> suggest picking up?

Join the OpenLDAP mailing list.

If you are good with perl, learn Net::Perl - it is a lifesaver.

* ObPorts: For some reason, p5-Net-LDAP has been renamed perl-ldap, which
used to be the Mozilla PerLDAP module. I wrote the maintainer that this is an
extremely f'ed situation but I haven't heard back. I'll probably develop and
send-pr ports for these two different LDAP client modules.

A massive tome is Howes, Smith, and Good, _Understanding and Deploying LDAP
Directory Services_; I am stepping through Part II as a guide for writing my
documentation.

> Fortunately, everyone in the company is very supportive of my research with
> UN*X and are waiting for me to replace the current IS manager's NT based
> network with FreeBSD/OpenBSD. :)

I envy you.

Currently, we're going to deploy LDAP and AD separately. To some this seems
folly, but AD is a massive load of work separate from simply worrying about
LDAP. I've got working code to set AD passwords via LDAP, and I've already
developed a couple of migration / sync scripts, so my current plan is to do my
thing with OpenLDAP, and populate AD based on OpenLDAP, and have a password
web page that will set both passwords.

One neat thing is that I'm running NIS, so until I replace NIS, I can tell
OpenLDAP to store DES crypt passwords and configure a special account to read
those passwords from the OpenLDAP userPassword attribute.

Eventually we are likely to try and merge my OpenLDAP work into AD to make
life simpler.

Meanwhile, I keep imagining the kind of massive bucks I could potentially make
as a consultant once I get all this down. :)

-danny

--
http://dannyman.toldme.com/