Thread: OpenLDAP + User Authentication




OpenLDAP + User Authentication
user name
2006-01-31 01:07:28
It really isn't very efficient attempting to maintain two separate
directories; shame on the other department for setting up that other
ldap server; best thing to do is to reconcile user and groups to 1 ldap
server and migrate the member servers that are authenticating against
the rogue ldap server to yours after reconciling both.

-----Original Message-----
From: redhat-list-bouncesredhat.com
[mailto:redhat-list-bouncesredhat.com] On Behalf Of
Job Cacka
Sent: Monday, January 30, 2006 7:47 PM
To: golharamumdnj.edu; General Red Hat Linux discussion list
Subject: RE: OpenLDAP + User Authentication

It may be possible to accomplish this, but you have a bigger problem
than that. Who is ultimately responsible for your network? They should
be the one that should have the authority to fix this. If no one person
is responsible for network services then you will have many problems
like this in the future.

Alternatively, you have a few choices.
1. Do what you propose = a lot of work and research and it may not be a
   success.
2. Combine the two LDAP servers into one server with two trees; make
   sure to use the least expensive non-proprietary server.
3. Install two routers and break the departments out of sharing the
   same network. This is only cost effective if it prevents problems
   like this in the future. It may break other services too.

BTW shame on the other guy for not checking the services that were
running first before installing the same one. How many resources did he
waste of the organization's time and money by not doing his homework?

Job Cacka

-----Original Message-----
From: redhat-list-bouncesredhat.com
[mailto:redhat-list-bouncesredhat.com]On Behalf Of
Ryan Golhar
Sent: Monday, January 30, 2006 1:45 PM
To: 'General Red Hat Linux discussion list'
Subject: OpenLDAP + User Authentication


I have an LDAP server which I'm using to authenticate my users from.
Recently, another dept here put their own LDAP server in place with a
different set of users that may/may not be in my LDAP.

What I'd like to do is have my machines attempt to authenticate a user
from my LDAP, and if the user doesn't exist, have the LDAP refer to the
other dept's LDAP server. Is this possible with LDAP? If so, can
anyone point me to where I can read up on this? I found a little
information on superior referrals, but no detailed information on how it
works.

Ryan

OpenLDAP + User Authentication
user name
2006-01-31 04:21:35
I'm a little confused on how this is going to happen. Here's what we
have:

First LDAP server has a base DN of:
o=InformaticsInstitute,o=UMDNJ,c=US
Second LDAP server has a base DN of:
o=research.umdnj.edu,o=umdnj.edu

Some users will be unique to the first LDAP, other users will be unique
to the second LDAP, and some might overlap. Here's an example of a user
in the first LDAP directory and the second LDAP directory:

uid=someuser,ou=People,o=InformaticsInstitute,o=UMDNJ,c=US

uid=someuser,ou=People,o=research.umdnj.edu,o=umdnj.edu

How am I going to combine these two directories into one? Other than
the base DN difference, the users are both in ou=People. I could just
dump all the users from one LDAP directory into the other, but I want to
make sure I'm doing things right.

The other problem is that I doubt this other dept will grant us admin
access to their ldap server and doubtful they will give up their ldap
server to use ours. I don't want to manage this stuff, so I'll go with
theirs.

If we set up a separate tree on their server for our users, how can we
add their users from "ou=People,o=research.umdnj.edu,o=umdnj.edu" to be
able to access our resources when our machines authenticate users from
"ou=People,o=InformaticsInstitute,o=UMDNJ,c=US"?

Am I thinking about this correctly? 

Ryan


-----Original Message-----
From: Bliss, Aaron [mailto:ABlisspreferredcare.org] 
Sent: Monday, January 30, 2006 8:07 PM
To: jobccbmail.ccbox.com; General Red Hat Linux discussion list;
golharamumdnj.edu
Subject: RE: OpenLDAP + User Authentication


It really isn't very efficient attempting to maintain two separate
directories; shame on the other department for setting up that other
ldap server; best thing to do is to reconcile user and groups to 1 ldap
server and migrate the member servers that are authenticating against
the rogue ldap server to yours after reconciling both.


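
Added example, not part of the original thread and not any poster's code: a dry run of the "combine the two directories" question, which rebases entries from the second base DN onto the first and separates safe imports from DNs that already exist. The two base DNs and "someuser" come from the thread; every other entry and all function names are constructed for illustration.

```python
FIRST_BASE = "o=InformaticsInstitute,o=UMDNJ,c=US"   # base DNs from the thread
SECOND_BASE = "o=research.umdnj.edu,o=umdnj.edu"

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(cur.strip())
    return rdns

def key(dn):
    """Case-insensitive comparison key: tuple of (attribute, value) pairs."""
    pairs = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return tuple(pairs)

def rebase(dn, old_base, new_base):
    """Move dn from old_base to new_base; None if dn is not below old_base."""
    rdns, old = split_dn(dn), key(old_base)
    if len(rdns) <= len(old) or key(dn)[-len(old):] != old:
        return None
    return ",".join(rdns[:-len(old)] + [new_base])

def plan_merge(first_dns, second_dns):
    """Sort the second directory's entries into import / collision / outside_base."""
    existing = {key(dn) for dn in first_dns}
    plan = {"import": [], "collision": [], "outside_base": []}
    for dn in second_dns:
        target = rebase(dn, SECOND_BASE, FIRST_BASE)
        if target is None:
            plan["outside_base"].append(dn)      # not under the second base DN
        elif key(target) in existing:
            plan["collision"].append(target)     # needs a human decision
        else:
            plan["import"].append(target)
    return plan

# Constructed sample entries; only "someuser" appears in the thread.
FIRST = ["uid=someuser,ou=People," + FIRST_BASE, "uid=alice,ou=People," + FIRST_BASE]
SECOND = ["uid=someuser,ou=People," + SECOND_BASE, "uid=bob,ou=People," + SECOND_BASE,
          "uid=carol,ou=People,o=elsewhere"]
PLAN = plan_merge(FIRST, SECOND)
```

A collision only says the target DN already exists; whether the two "someuser" entries are the same person has to be confirmed before either entry or its password is overwritten, because the uid is what the machines authenticate.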