Date: Tue, 5 Jun 2001 16:44:43 -0700
From: dannyman <dannyman@toldme.com>
To: Sean Knox <wintermage@home.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: LDAP support: iPlanet or OpenLDAP?
Message-ID: <20010605164442.G20416@dell.dannyland.org>
In-Reply-To: <OE17yj5oRdtLLVTnE9Q0000b86a@hotmail.com>; from wintermage@home.com on Tue, Jun 05, 2001 at 04:20:29PM -0700
References: <OE161o8yfogkJXrRjbD0000a904@hotmail.com> <20010605160736.F20416@dell.dannyland.org> <OE17yj5oRdtLLVTnE9Q0000b86a@hotmail.com>
On Tue, Jun 05, 2001 at 04:20:29PM -0700, Sean Knox wrote:
> You mentioned replacing your current LDAP solution with OpenLDAP... any
> gotchas thus far? conventional wisdom you can share? I completely agree
> about the need to just dive into LDAP to understand it all...I have a copy
> of Mark Wilcox's "Implementing LDAP" which I am still reading, as well as
> combing through the FAQs and docs on www.openldap.org. Any books you
> suggest picking up?

Join the OpenLDAP mailing list.

If you are good with perl, learn Net::Perl - it is a lifesaver.

* ObPorts: For some reason, p5-Net-LDAP has been renamed perl-ldap, which used to be the Mozilla PerLDAP module. I wrote the maintainer that this is an extremely f'ed situation but I haven't heard back. I'll probably develop and send-pr ports for these two different LDAP client modules.

A massive tome is Howes, Smith, and Good _Understanding and Deploying LDAP Directory Services_, I am stepping through Part II as a guide for writing my documentation.

> Fortunately, everyone in the company is very supportive of my research with
> UN*X and are waiting for me to replace the current IS manager's NT based
> network with FreeBSD/OpenBSD. :)

I envy you. Currently, we're going to deploy LDAP and AD separately. To some this seems folly, but AD is a massive load of work separate from simply worrying about LDAP. I've got working code to set AD passwords via LDAP, and I've already developed a couple of migration / sync scripts, so my current plan is to do my thing with OpenLDAP, and populate AD based on OpenLDAP, and have a password web page that will set both passwords.

One neat thing is that I'm running NIS, so until I replace NIS, I can tell OpenLDAP to store DES crypt passwords and configure a special account to read those passwords from the OpenLDAP userPassword attribute.

Eventually we are likely to try and merge my OpenLDAP work into AD to make life simpler.

Meanwhile, I keep imagining the kind of massive bucks I could potentially make as a consultant once I get all this down. :)

-danny

--
http://dannyman.toldme.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message