LDAP migration?

ameoba

At work, we're looking into migrating our BSD/Linux/Solaris/Windows network from separate NIS & Active Directory to a single LDAP server. Right now, the only reason that accounts exist on both sides of the system is because we have to manually create them. Main file server is a Linux box running NFS & we have a Win2003 server running SFU running their NFS proxy software & mapping users to provide access to the Windows clients. Eventually, we're probably going to work a RADIUS server into the mix.

Does anyone have experience with LDAP and/or migrating to it? Any sage words of advice or things you wouldn't (or would) do the 2nd time around?
 
I don't have any experience with LDAP, though I'm interested in finding out how it works. At one of the more recent LUG meetings LDAP security was discussed, and apparently LDAP on its own isn't very secure. There are ways to secure it, but the people in the LUG were still exploring those options and didn't have much to say about it. Sorry I can't help any more, but if you find any good reads/howtos please post them :)

-hoka
 
Running OpenLDAP and getting all accounts off of it has been a dream of mine for a little over a year. I have yet to go hardcore into it, but it's a really big project and can be really daunting at times.

If you're going to do this, make sure you get on the OpenLDAP mailing list ([email protected]) and test things galore. O'Reilly has an LDAP book I have been working on getting through, but make sure you also know about Kerberos, OpenSSL, and the database formats very well.

Keep us up to date on how you do. :D
 
I've experimented with integrating Open Directory in Mac OS X with both NetWare eDirectory and Microsoft Active Directory. Both require schema modifications and can be really tricky to get to work, and this is nothing more elaborate than mounting home directories. It will be my next home project once I get off my arse. Our main problem was the lag for authenticating over wireless networks (a lot of the schools I work in deploy wireless carts) and of course there were problems with policies on the Mac side since we wanted to hide the drives from the kiddies. We've been working on it (half-heartedly, since we don't have a dedicated R&D staff) for about two years... it can be a full-time job in and of itself...
 