[tortech] using ldap/nsswitch on FreeBSD 5.3
Jim Mercer
2005-04-08 20:46:16 UTC
anyone here done this config:

FreeBSD 5.3
openldap server
- with unix passwd schema
- with windows password schema
- with outlook addressbook schema
- with users having the same password for unix and windows

nsswitch.conf - so that /etc/passwd is extended by ldap similar to NIS

there is a port for the second part, making nsswitch use ldap, but i'm falling
down on the first part, having an ldap database and populating it.

any hints?
--
[ Jim Mercer ***@reptiles.org +1 416 410-5633 ]
[ I want to live forever, or die trying. ]
Lynda Morris
2005-04-08 22:01:39 UTC
Hi Folks,

I'm looking for someone who is an absolute expert in Filemaker Pro. NOT
in creating databases, but in working with the database sharing. We have
had some very bright minds working on these problems who all have
excellent technical skills, but now we need to go off to someone who
knows Filemaker Pro intimately.

If you, or someone you know fits this bill, can you email me at
***@niclyn.com ! Thanks!

warmest regards,


Lynda


Lynda Morris
Vice President
NicLyn Consulting Corporation
416-539-0116
www.niclyn.com
***@niclyn.com


Your full-service I.T. department at affordable monthly rates.
Stephen Worotynec
2005-04-10 22:38:06 UTC
On Fri, 8 Apr 2005, Jim Mercer wrote:

| anyone here done this config:
|
| FreeBSD 5.3
| openldap server
| - with unix passwd schema
| - with windows password schema
| - with outlook addressbook schema
| - with users having the same password for unix and windows
|
| nsswitch.conf - so that /etc/passwd is extended by ldap similar to NIS
|
| there is a port for the second part, making nsswitch use ldap, but i'm falling
| down on the first part, having an ldap database and populating it.
|
| any hints?

Hi Jim,

At my workplace, we've been pretty much doing something like this (though
on Linux) over a period of a year or so, and the migration is ongoing.

The subject can't be done justice in a brief email, but to start -
the essential tools for migrating NIS data were the PADL migration tools,
and for Windows (Active Directory), the pwdump tool extracted the
SIDs/GIDs etc., and ldapsearches against AD extracted information such as
group membership. We then wrote various tools to inject the data into
openldap - perl's Net::LDAP works, but I also found shell wrappers
around ldap{add,search,modify} capable.

Samba running on the ldap server is the authenticator windows users will
generally see, while unix hosts communicate directly with openldap.

In most cases we created LDIF formatted data as an intermediate step
between native format and ldap injection.

The ongoing admin tools include the idealx (smbldap), openldap and samba
command line tools, and as adjuncts phpldapadmin and LDAP Browser.

There are a lot of variables you haven't mentioned, but I would say that
this is a major undertaking, which you're probably well aware of.

Stephen
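
The LDIF intermediate step described in the reply above, as an added example (not code from the thread or from the PADL migration tools): it turns passwd(5) lines into posixAccount entries, base64-encoding values that RFC 2849 does not allow in plain form. The base DN, the UID cut-off of 1000, the login pattern, the sample accounts, and the choice to keep password hashes out of the intermediate file are all assumptions made for this example.

```python
import base64
import re

BASE_DN = "ou=People,dc=example,dc=org"   # assumed suffix, not from the thread
MIN_UID = 1000                            # assumed cut-off for system accounts
LOGIN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")  # assumed DN-safe login names

# Constructed sample in passwd(5) format; the password field is never read.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
jdoe:*:1001:1001:Jane Doe,Room 4,555-0100:/home/jdoe:/bin/sh
rene:*:1002:1002:Ren\u00e9 C\u00f4t\u00e9:/home/rene:/bin/tcsh
"""

def ldif_attr(name, value):
    """Format one attribute line; unsafe values are base64 (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_ldif(text, base_dn=BASE_DN, min_uid=MIN_UID):
    """Return (ldif_text, skipped) for passwd(5)-format input."""
    entries, skipped = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if (len(fields) != 7 or not LOGIN_RE.fullmatch(fields[0])
                or not (fields[2].isdecimal() and fields[3].isdecimal())):
            skipped.append(line)          # malformed: report it, do not guess
            continue
        login, _pw, uid, gid, gecos, home, shell = fields
        if int(uid) < min_uid:
            skipped.append(login)         # root and daemons stay local-only
            continue
        full_name = gecos.split(",")[0] or login
        attrs = [("dn", f"uid={login},{base_dn}"),
                 ("objectClass", "account"),
                 ("objectClass", "posixAccount"),
                 ("uid", login), ("cn", full_name),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell)]
        # userPassword is deliberately not written to the intermediate file.
        entries.append("\n".join(ldif_attr(n, v) for n, v in attrs if v))
    return "\n\n".join(entries) + "\n", skipped
```

The returned text can be reviewed and then fed to ldapadd; the skipped list shows which lines were left out and should be checked by hand.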
