acctsync-general Mailing List for LDAP Account Sync
Status: Abandoned
Brought to you by:
nobull
You can subscribe to this list here.
2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
(6) |
Jul
|
Aug
|
Sep
|
Oct
(10) |
Nov
(8) |
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2003 |
Jan
(2) |
Feb
(4) |
Mar
(8) |
Apr
(4) |
May
(7) |
Jun
(2) |
Jul
|
Aug
(1) |
Sep
|
Oct
(3) |
Nov
|
Dec
|
2004 |
Jan
(3) |
Feb
(3) |
Mar
(4) |
Apr
|
May
(4) |
Jun
(3) |
Jul
(1) |
Aug
|
Sep
|
Oct
(5) |
Nov
(2) |
Dec
|
2005 |
Jan
|
Feb
|
Mar
|
Apr
(6) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
(4) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2008 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(3) |
Oct
|
Nov
|
Dec
|
2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
2016 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Anastasios T. <Ana...@sa...> - 2013-10-03 15:19:47
|
Hi all, I'm trying to use passwdhk on Windows Server 2012 but with no luck so far. I have installed the exe downloaded from sourceforge and have the following configuration with the default passwd.bat batch file: * My original passwdhk.dll was installed on c:\windows\syswow64\passwdhk.dll. * The passwdhk.reg file set the following values preChangeProgArgs -> C:\passwd.bat preChangeProg -> <empty> * On registry: ...->Lsa->Notification Packages have the following values separated by enter: scecli rassfm passwdhk * The local as well as domain password policy regarding complexity requirements is enabled. Still I change a user password via either AD or manually on domain client computer and the passwd.bat does not append anything to the c:\temp\passwd.txt. What am I doing wrong? Regards, Anastasios Tzavellas [Sapienza Logo]<http://www.sapienzaconsulting.com/> Anastasios Tzavellas Junior IT System Engineer ESIC Sapienza Consulting Kapteynstraat 1 2201 BB Noordwijk The Netherlands Tel: +31 (0) 71 407 6518 Fax: +31 (0) 71 407 6536 Mob: Follow us on: [Linkedin]<http://www.linkedin.com/company/sapienza-consulting> [Twitter] <https://twitter.com/sapienzajobs> The contents of this e-mail and any attachment are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email and/or any attachment in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not distribute, disclose, use, copy, print or rely on this e-mail. Communicating by email is not 100% secure, error or virus free. It is your responsibility to ensure that viruses do not adversely affect your system. If you communicate with us by e-mail you agree to take appropriate measures to minimise these risks when e-mailing us. We may monitor, record, store and use any email communication with you in order to check any instructions given to us, for training purposes, for crime prevention, to improve the quality of our customer service and to keep records of our business communications. Sapienza Consulting Limited is a limited company registered in England and Wales with its registered office at 61 Rodney Street, Liverpool, Merseyside, L1 9ER and registered number 2986023 |
From: Elkadali M. <m_e...@ya...> - 2011-09-15 14:41:32
|
<a tabindex="1" title="" name="gaoirzynzd" href="http://goodflyers.com/invitation.html">http://goodflyers.com/invitation.html</a> |
From: Elkadali M. <m_e...@ya...> - 2011-09-15 01:04:27
|
<a tabindex="1" title="" name="lftiqiyyms" href="http://video.fw.ky.gov/invitation.html">http://video.fw.ky.gov/invitation.html</a> |
From: Ankush K. <ank...@ne...> - 2008-05-20 15:30:40
|
Hi, This is Ankush Khutwad. I am working as system administrator. I would like to sync my active directory with openldap server for my remote site. I am unable to find enough documents to setup. I have downloaded all required software from given sites. Can somebody will help me to setup openldap. What derivatives will be use in slapd.conf file. If any body has the sample of entire configuration please forward it to me. I am eagerly looking for the same. Thanks in advance. Ankush +91 9923090231 |
From: Alex B. <al...@ro...> - 2008-04-15 01:55:43
|
Hi, My name is Alex Brezinov. I am a software developer and got some new task recently to work with OpenLdap. I am doing high level design for the our future project and would like to study how to replicate/synchronize with Microsoft Active Directory. I would like to be able to get a specific DN with associated entries from AD, then I would like to merge this entries to slapd. Please help where I could get some information how to get data from MS AD server (setup linux box), I would prefer to get this information asynchronies upon this data were change on AD server. Please point me to right open source or some wiki page, just any help will be greatly appreciated. Sincerely, Alex Brezinov |
From: Ibrahim N. <ibr...@jh...> - 2008-03-27 13:28:45
|
Hello, We have been using passwdhk on our current domain controllers running Windows 2003 Server R2. We are trying to bring up new domain controllers running Windows Server 2003 R2 64 bit. I installed passwdhk on one of the new domain controllers to test but it is not working. Is there a 64 bit installation for passwdhk or will I be able to get the current version to work on 64 bit servers. Thanks. -Ibrahim |
From: Frittella L. <lau...@gm...> - 2007-05-15 14:53:12
|
Hi, I'm interested in passwdHk to use it on my Win2k3 domain server. I used your installer, but I checked that all is setup properly following manual installation instruction. I've installed and configured it to use "passwd.bat" example script (if I run it manually it creates the output file correctly) and to log in c:\temp\pwd.log, then I tried to change a password from a domain-client pc but nothing appears into the c:\temp folder (no log, no sample output). How can I check that passwdHk is working?? Thanks in advance, Laurento |
From: Mahlon E. S. <ma...@ma...> - 2006-05-17 00:04:57
|
I'd appreciate some guidance here. The ldapperl pieces that are distributed with acctsync are linked against what seem to be very specific .dll versions. Besides requiring activestate 5.6, I've been playing a trial-and-error game today trying to find the versions of ssleay32.dll and libeay32.dll that don't throw errors when loading OpenLDAP::API. I think I've gotten those worked out, but now I need a libsasl.dll as well. I've found a couple via google with some effort, but all throw a 'The procedure entry point sasl_errdetail could not be located in the dynamic link library libsasl.dll'. This suggests to me I don't have the same version that the OpenLDAP::API XS was linked against. acctsync still appears to be a viable option if there was a decent package with all the required pieces. Can someone please direct me to a spot where I can get this stuff, so I can move forward - or perhaps a more up to date ldapperl? (The SF project has no files released.) Thanks. -Mahlon -- Mahlon E. Smith ma...@ma... | http://www.martini.nu/ |
From: Curtis R. <cro...@fi...> - 2006-04-28 12:44:37
|
Son Nguyen Truong, Let start with this. What is your configuration for passwdhk? Can you provide me with all the settings? You can see if the dll is properly loaded by running this util: http://www.sysinternals.com/Utilities/ListDlls.html Look for the filename passwdhk.dll to be under lsass.exe. If it is there, then passwdhk should be properly installed. - Curtis > Dear Curtis, > > I am implementing the acctsync project to my company. > I have installed as shown in the installing instruction on my win2003 > server: > 1. Activeperl > 2. passwdHK > 3. openldap-acctsync > 4. ldapperl > 5. acctsync > Before checking if the acctsync can run on my system, I want to check if > passwdhk can run first. I change the password on my computer. But the > passwdhk doesn't write anything to the log file. I am sure the > passwdhk.dll > is in c:/winnt/system32. Can you show me to way to test if passwdhk runs > OK > on my PC? > > Thanks and regards, > SonNguyenTruong. > > > -----Original Message----- > From: acc...@li... > [mailto:acc...@li...] On Behalf Of Curtis > Robinson > Sent: Thursday, April 27, 2006 8:49 PM > To: ntr...@tm... > Cc: acc...@li... > Subject: [Acctsync-general] Re: Acctsync-general digest, Vol 1 #68 - 1 msg > > Son Nguyen Truong, > > What kind of test? > > - Curtis >> Send Acctsync-general mailing list submissions to >> acc...@li... >> >> To subscribe or unsubscribe via the World Wide Web, visit >> https://lists.sourceforge.net/lists/listinfo/acctsync-general >> or, via email, send a message with subject or body 'help' to >> acc...@li... >> >> You can reach the person managing the list at >> acc...@li... >> >> When replying, please edit your Subject line so it is more specific >> than "Re: Contents of Acctsync-general digest..." >> >> >> Today's Topics: >> >> 1. Help! (Son Nguyen Truong) >> >> --__--__-- >> >> Message: 1 >> From: "Son Nguyen Truong" <ntr...@tm...> >> To: <acc...@li...> >> Date: Wed, 26 Apr 2006 09:53:39 +0700 >> Subject: [Acctsync-general] Help! >> >> This is a multi-part message in MIME format. >> >> ------=_NextPart_000_0FD6_01C66917.4B4141D0 >> Content-Type: text/plain; >> charset="us-ascii" >> Content-Transfer-Encoding: 7bit >> >> Dear All, >> >> >> >> Can somebody tell me how to test passwdHK? >> >> Thanks a lots. >> >> >> >> Regards, >> >> SonNguyenTruong. >> >> >> ------=_NextPart_000_0FD6_01C66917.4B4141D0 >> Content-Type: text/html; >> charset="us-ascii" >> Content-Transfer-Encoding: quoted-printable >> >> <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = >> xmlns:w=3D"urn:schemas-microsoft-com:office:word" = >> xmlns=3D"http://www.w3.org/TR/REC-html40"> >> >> <head> >> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = >> charset=3Dus-ascii"> >> <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> >> <style> >> <!-- >> /* Style Definitions */ >> p.MsoNormal, li.MsoNormal, div.MsoNormal >> {margin:0in; >> margin-bottom:.0001pt; >> font-size:12.0pt; >> font-family:"Times New Roman";} >> a:link, span.MsoHyperlink >> {color:blue; >> text-decoration:underline;} >> a:visited, span.MsoHyperlinkFollowed >> {color:purple; >> text-decoration:underline;} >> span.EmailStyle17 >> {mso-style-type:personal-compose; >> font-family:Arial; >> color:windowtext;} >> @page Section1 >> {size:8.5in 11.0in; >> margin:1.0in 1.25in 1.0in 1.25in;} >> div.Section1 >> {page:Section1;} >> --> >> </style> >> >> </head> >> >> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> >> >> <div class=3DSection1> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'>Dear All,<o:p></o:p></span></font></p> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'><o:p> </o:p></span></font></p> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'>Can somebody tell me how to test = >> passwdHK?<o:p></o:p></span></font></p> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'>Thanks a lots.<o:p></o:p></span></font></p> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'><o:p> </o:p></span></font></p> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'>Regards,<o:p></o:p></span></font></p> >> >> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = >> style=3D'font-size:10.0pt; >> font-family:Arial'>SonNguyenTruong.<o:p></o:p></span></font></p> >> >> </div> >> >> </body> >> >> </html> >> >> ------=_NextPart_000_0FD6_01C66917.4B4141D0-- >> >> >> >> >> >> --__--__-- >> >> _______________________________________________ >> Acctsync-general mailing list >> Acc...@li... >> https://lists.sourceforge.net/lists/listinfo/acctsync-general >> >> >> End of Acctsync-general Digest >> > > > -- > Curtis Robinson > crobinso at fit.edu > > > > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job > easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Acctsync-general mailing list > Acc...@li... > https://lists.sourceforge.net/lists/listinfo/acctsync-general > > > -- Curtis Robinson crobinso at fit.edu |
From: Son N. T. <ntr...@tm...> - 2006-04-28 02:27:49
|
Dear Curtis, I am implementing the acctsync project to my company. I have installed as shown in the installing instruction on my win2003 server: 1. Activeperl 2. passwdHK 3. openldap-acctsync 4. ldapperl 5. acctsync Before checking if the acctsync can run on my system, I want to check if passwdhk can run first. I change the password on my computer. But the passwdhk doesn't write anything to the log file. I am sure the passwdhk.dll is in c:/winnt/system32. Can you show me to way to test if passwdhk runs OK on my PC? Thanks and regards, SonNguyenTruong. -----Original Message----- From: acc...@li... [mailto:acc...@li...] On Behalf Of Curtis Robinson Sent: Thursday, April 27, 2006 8:49 PM To: ntr...@tm... Cc: acc...@li... Subject: [Acctsync-general] Re: Acctsync-general digest, Vol 1 #68 - 1 msg Son Nguyen Truong, What kind of test? - Curtis > Send Acctsync-general mailing list submissions to > acc...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/acctsync-general > or, via email, send a message with subject or body 'help' to > acc...@li... > > You can reach the person managing the list at > acc...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Acctsync-general digest..." > > > Today's Topics: > > 1. Help! (Son Nguyen Truong) > > --__--__-- > > Message: 1 > From: "Son Nguyen Truong" <ntr...@tm...> > To: <acc...@li...> > Date: Wed, 26 Apr 2006 09:53:39 +0700 > Subject: [Acctsync-general] Help! > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0FD6_01C66917.4B4141D0 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: 7bit > > Dear All, > > > > Can somebody tell me how to test passwdHK? > > Thanks a lots. > > > > Regards, > > SonNguyenTruong. > > > ------=_NextPart_000_0FD6_01C66917.4B4141D0 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = > xmlns:w=3D"urn:schemas-microsoft-com:office:word" = > xmlns=3D"http://www.w3.org/TR/REC-html40"> > > <head> > <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = > charset=3Dus-ascii"> > <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> > <style> > <!-- > /* Style Definitions */ > p.MsoNormal, li.MsoNormal, div.MsoNormal > {margin:0in; > margin-bottom:.0001pt; > font-size:12.0pt; > font-family:"Times New Roman";} > a:link, span.MsoHyperlink > {color:blue; > text-decoration:underline;} > a:visited, span.MsoHyperlinkFollowed > {color:purple; > text-decoration:underline;} > span.EmailStyle17 > {mso-style-type:personal-compose; > font-family:Arial; > color:windowtext;} > @page Section1 > {size:8.5in 11.0in; > margin:1.0in 1.25in 1.0in 1.25in;} > div.Section1 > {page:Section1;} > --> > </style> > > </head> > > <body lang=3DEN-US link=3Dblue vlink=3Dpurple> > > <div class=3DSection1> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Dear All,<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'><o:p> </o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Can somebody tell me how to test = > passwdHK?<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Thanks a lots.<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'><o:p> </o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Regards,<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>SonNguyenTruong.<o:p></o:p></span></font></p> > > </div> > > </body> > > </html> > > ------=_NextPart_000_0FD6_01C66917.4B4141D0-- > > > > > > --__--__-- > > _______________________________________________ > Acctsync-general mailing list > Acc...@li... > https://lists.sourceforge.net/lists/listinfo/acctsync-general > > > End of Acctsync-general Digest > -- Curtis Robinson crobinso at fit.edu ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Acctsync-general mailing list Acc...@li... https://lists.sourceforge.net/lists/listinfo/acctsync-general |
From: Curtis R. <cro...@fi...> - 2006-04-27 13:50:10
|
Son Nguyen Truong, What kind of test? - Curtis > Send Acctsync-general mailing list submissions to > acc...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/acctsync-general > or, via email, send a message with subject or body 'help' to > acc...@li... > > You can reach the person managing the list at > acc...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Acctsync-general digest..." > > > Today's Topics: > > 1. Help! (Son Nguyen Truong) > > --__--__-- > > Message: 1 > From: "Son Nguyen Truong" <ntr...@tm...> > To: <acc...@li...> > Date: Wed, 26 Apr 2006 09:53:39 +0700 > Subject: [Acctsync-general] Help! > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0FD6_01C66917.4B4141D0 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: 7bit > > Dear All, > > > > Can somebody tell me how to test passwdHK? > > Thanks a lots. > > > > Regards, > > SonNguyenTruong. > > > ------=_NextPart_000_0FD6_01C66917.4B4141D0 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = > xmlns:w=3D"urn:schemas-microsoft-com:office:word" = > xmlns=3D"http://www.w3.org/TR/REC-html40"> > > <head> > <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = > charset=3Dus-ascii"> > <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> > <style> > <!-- > /* Style Definitions */ > p.MsoNormal, li.MsoNormal, div.MsoNormal > {margin:0in; > margin-bottom:.0001pt; > font-size:12.0pt; > font-family:"Times New Roman";} > a:link, span.MsoHyperlink > {color:blue; > text-decoration:underline;} > a:visited, span.MsoHyperlinkFollowed > {color:purple; > text-decoration:underline;} > span.EmailStyle17 > {mso-style-type:personal-compose; > font-family:Arial; > color:windowtext;} > @page Section1 > {size:8.5in 11.0in; > margin:1.0in 1.25in 1.0in 1.25in;} > div.Section1 > {page:Section1;} > --> > </style> > > </head> > > <body lang=3DEN-US link=3Dblue vlink=3Dpurple> > > <div class=3DSection1> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Dear All,<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'><o:p> </o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Can somebody tell me how to test = > passwdHK?<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Thanks a lots.<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'><o:p> </o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>Regards,<o:p></o:p></span></font></p> > > <p class=3DMsoNormal><font size=3D2 face=3DArial><span = > style=3D'font-size:10.0pt; > font-family:Arial'>SonNguyenTruong.<o:p></o:p></span></font></p> > > </div> > > </body> > > </html> > > ------=_NextPart_000_0FD6_01C66917.4B4141D0-- > > > > > > --__--__-- > > _______________________________________________ > Acctsync-general mailing list > Acc...@li... > https://lists.sourceforge.net/lists/listinfo/acctsync-general > > > End of Acctsync-general Digest > -- Curtis Robinson crobinso at fit.edu |
From: Son N. T. <ntr...@tm...> - 2006-04-26 02:57:15
|
Dear All, Can somebody tell me how to test passwdHK? Thanks a lots. Regards, SonNguyenTruong. |
From: Sylvain <sy...@e-...> - 2006-01-06 13:41:07
|
Hello, I would like to know if its exists a documentation about to configure/test activesync, openldap, Active directory. Because i didn't find yet. Regards. Sylvain |
From: Dihor, V. <vik...@fe...> - 2005-05-31 16:55:27
|
Hello everybody, =20 I try to install acctsync. So that is how i done it: =20 Action State = Comments =20 1) Active Perl install worked fine 2) PWD Filter install worked fine 3) OpenLDAP+perl32 worked fine which user and = password do i need to login into the LDAP System? Backend install 4) what steps need to be done to sync ADS <=3D=3D> OpenLDAP = Bidirectional. =20 =20 =20 Many thanks in advanced/Mit freundlichen Gr=FCssen, =20 Viktor Dihor Fernw=E4rme Ulm GmbH =20 Dieses E-Mail ist vertraulich. Wenn Sie nicht der rechtm=E4=DFige = Empf=E4nger sind, d=FCrfen Sie den Inhalt weder kopieren, verbreiten oder benutzen. Sollten Sie dieses E-Mail versehentlich erhalten haben, senden Sie es = bitte an uns zur=FCck und l=F6schen es anschlie=DFend.=20 This email is confidential. If you are not the intended recipient, you = must not copy, disclose or use its contents. If you have received it in = error, please inform us immediately by return email and delete the document.=20 =20 |
From: Dihor, V. <vik...@fe...> - 2005-05-31 07:25:00
|
Hello everybody, =20 hase somebody experince whith Acctiv Sync and Windows Server 2003. Does AcctivSync funktion? =20 I would like to to implement a SSO System/Metadirectory. =20 =20 =20 Many Thanks in advanced/Mit freundlichen Gr=FCssen, =20 Viktor Dihor Fernw=E4rme Ulm GmbH =20 Dieses E-Mail ist vertraulich. Wenn Sie nicht der rechtm=E4=DFige = Empf=E4nger sind, d=FCrfen Sie den Inhalt weder kopieren, verbreiten oder benutzen. Sollten Sie dieses E-Mail versehentlich erhalten haben, senden Sie es = bitte an uns zur=FCck und l=F6schen es anschlie=DFend.=20 This email is confidential. If you are not the intended recipient, you = must not copy, disclose or use its contents. If you have received it in = error, please inform us immediately by return email and delete the document.=20 =20 |
From: Curtis R. <cro...@fi...> - 2005-04-28 14:07:47
|
Hi Josh, Not a problem. I built with everything you have listed there. Building with the latest software is probably your issue. I do not have the build scripts that the developer is using to build the 2.2.24. Did you install all the necessary Ming packages? MinGW-3.1.0-1 MSYS-1.0.10 msysDTK-1.0.1 I did not notice that issue with the build it script continues if there is an error. Putting in error checking would be nice. I am talking with the developer of the build-it script and I could easily add this code. First, I need to make sure I am on the same page as the developer. The password sync is two-way already. There is the passwdHk (AD->OPENLDAP) and OpenLDAP w/ Acctsync.pm (OPENLDAP->AD). I have a hard time trying the UNIX and Windows world to work together. > Hi Curtis, > > Sorry its been a few days, I also have alot of other projects. :) > I was looking at your built-it script, thanks for the diff also. > > BDB=db-4.2.52 > OPENSSL=openssl-0.9.7d > SASL=cyrus-sasl-2.1.18 > REGEX=gnu-regex-2.3.2 > OPENLDAP=openldap-2.2.15 > > Are these the versions you built with? I used OpenSSL 0.9.7g and OpenLDAP > 2.2.24, so the diff may or may not be applicable. Also I was thinking of > modularizing the build-it script a bit, any thoughts? It would be nice if > each part of the build would return a status to the calling script so that > if a build fails, it doesnt just plough through to the next one. I also > wanted to ask, does the password change sync only one direction > (AD->LDAP), and if so, do you have anyplans for bi-directional synching? > If theres anything I can do to help let me know, its certainly an > interesting project, but I must admit my experience with Windows coding is > somewhat limited, I'm a Unix admin by trade, lol. Thanks again! > > -Josh > > > -- Curtis Robinson crobinso at fit.edu |
From: Curtis R. <cro...@fi...> - 2005-04-27 18:55:00
|
Hello, I have a new version of OpenLDAP built with an installer. :) Much thanks to these folks: http://lucas.bergmans.us/hacks/openldap/ I wanted to know how many people would be interested in a new openldap. -- Curtis Robinson crobinso at fit.edu |
From: Curtis R. <cro...@fi...> - 2005-04-26 17:19:56
|
Josh, I got it to compile but I have not tested it thoroughly. The following attachment has the necessary changes to patch openldap to compile with AS Perl 5.6. You may have to change the patch file to point to the correct directories for AS Perl (ie. /c/Perl/lib/CORE). It is a hack but it works. I set the environment variable PERLBIN to /c/perl/bin/perl.exe. I changed the build-it script to allow for custom openldap configuration options and it is attached. I copied the perl56.lib to perl56.a like you suggested. > Josh Holman, > > I did not have any issues with building OpenSSL. I am thinking you did not use the build-it script because that script does patches to all the packages. Or the patches are not getting applied somehow. > > The AS Perl is definitely setup for the ms vc development environment, so > I will try to get it working. > > >> One of the big annoyances I had in building on MinGW is that >> when archives are untarred the symlinks are not created. I dont know if there is a good way around this, or if my MinSYS is >> just wacked, but as far as could find on the web mingw doesnt >> really support symlinks all that much. (You can do a ln- s on >> the CLI but tar cant seem to to do it.) I built DB the normal >> way with and installed it so I wouldnt get any version >> mismatches. The OpenSSL build method used in Bergmans scripts, >> just didnt work for me. The problem as far as I could see was >> even though it was using 'configure mingw', when its building >> the encryption libs needed for libcrypto.a, the makefile tries >> to use gcc then dump the ASM code into 'as'. The code this >> produces is not acceptable to 'as', most likely it outputs >> AT&T format ASM code and not Intel format but I dont >> actually know what the problem was, once I noticed there were >> perl scripts in each dir to make the win32 code for you :). So, then I just skipped over all that by copying the mingw32.bat >> from the MS dir in openssl to the root of openssl and running >> that, which produces all the .exe's for you (and uses the >> aforementioned perl to generate the ASM of course :) ) . Sadly it doesnt make a libcrypto.dll so you'll need to go to the /out directory where the output is and dllwrap libcrypto.a to make >> the much needed libcrypto.dll that LDAP will need. The other >> .DLLs should already be there or in MS. Then came ActivePerl >> time, the configure script uses 'perl -MExtUtils::Embed -e >> ldopts' to ask perl for its linking stuff, which was really my >> problem. What ActivePerl returned to the configure was totally >> useless to gcc. I ended up replacing the LD flags in the make >> files for slapd and back-perl and some others in /servers to >> link on my C:\Perl\lib\CORE\perl58.lib (which I actually had to rename perl58.a to get 'ld' to like it) I did use the #define >> HAVE_W32_ASPERL but other than including the undefs, not really sure what > -- Curtis Robinson crobinso at fit.edu |
From: Curtis R. <cro...@fi...> - 2005-04-22 19:41:35
|
Josh, I am not sure about the problem with it. I can try to replicate the bug and see if where it is happening. Tell me what you did differently in the configuration and building of OpenLDAP. > Hi! > I started off using Bergmans scripts and the MinGW toolchain, > although the current set of scripts I was able to download from > his site (openldap-mingw-build-4) did not quite work properly for > the versions I was using. BerkeleyDB bulds fairly easily but I > ended up doing OpenSSL diffrently (And once I figured it out, > probably much easier:) I finally figured out how to get it to > link and build with AS Perl, but something is still awry. Slapd > will not except any suffix except suffix="". Have you any idea > what might cause that? It may be my build, the whole process was > pretty shaky. :) I was going to send you my binaries but your > mailer wont accept the size, let me know if you're interested and > I can get them to you. Do you have any insight why slapd refuses > to accept my suffix DN. (The build on acctSync page using the same > slapd.conf is fine.) Do you suppose the slapd problem is with my > build, or a OpenLDAP 2.2.24 MinGW bug? I dont wont to file a bug > on OpenLDAP if its just an oversight or problem with my build. > Thanks! > > -Josh > > PS. I did use Perl 5.8, but it does appear to me to be a Perl related > problem. > > output: > > C:\OpenLDAP\libexec>slapd -d 255 -f ../etc/openldap/slapd.conf > @(#) $OpenLDAP: slapd 2.2.24 (Apr 21 2005 12:41:50) $ > @SIMURG:/src/openldap-dist/openldap-2.2.24/servers/slapd > daemon_init: ldap://0.0.0.0:12000 > daemon_init: listen on ldap://0.0.0.0:12000 > daemon_init: 1 listeners to open... > ldap_url_parse_ext(ldap://0.0.0.0:12000) > daemon: initialized ldap://0.0.0.0:12000 > daemon_init: 1 listeners opened > slapd init: initiated server. > bdb_back_initialize: initialize BDB backend > bdb_back_initialize: Sleepycat Software: Berkeley DB 4.3.27: (December > 22, 2004) > > perl backend open > reading config file ../etc/openldap/slapd.conf > line 7 (ucdata-path C:/OpenLDAP/share/openldap/ucdata ) > line 9 (include C:/OpenLDAP/etc/openldap/schema/core.schema) > reading config file C:/OpenLDAP/etc/openldap/schema/core.schema > >>> dnNormalize: > => ldap_bv2dn(cn=Subschema,0) > ldap_err2string > ldap_dn2bv(272) > ldap_err2string > dnPrettyNormal: > => ldap_bv2dn(dc=example,dc=com,0) > ldap_err2string > > > > > Curtis Robinson wrote: Josh, The current status of the project is > on delay. I have to get to a couple of other projects. It is going to > still be worked on. There are some alternatives. Novell has a directory > sync for directory server which is both ways. I have not taken an > in-depth look at the product. Samba is working on a sync functionality, > but I have not kept up with their progress. On the compiling part, the > way I was doing it was very messy using MS Visual C development > environment. I am going to try this new method to compile since this > person has done alot of the work for me. I just have to get back-perl to > compile against activestate perl. Here is the project web page: > http://lucas.bergmans.us/hacks/openldap/ Also, you may want to compile > against 5.6 instead of 5.8. The openldap docs say they recommend 5.6, so > I have not tried the 5.8. I do have some documentation but it is > probably inaccurate by now. I do not know if this helps you or not. -- > Curtis Hi Curtis, My name is Josh Holman, > and I have been playing with your AcctSync package recently and had a few > questions for you. Are you still working on it at all? I havent seen any > modifications in about a year but it seems like people are still looking > at it, and honestly I havent seen much in the way of alternatives for > snyching AD and LD. Is there something better you know of? I have been > trying to get a newer version of the tools you used compiled (OpSSL > 0.9.7g,OpLdap2.2.24,and ASPerl 5.8) but getting Slapd to link against > ActiveState 5.8 is really working my nerves. :) Anyway if you have the > time, I'd like to hear anything from you about AcctSnycs status, any > alternatives, and if you have any documents that might help me get Ldap > and AS Perl to play nice.Thanks for your time! > -Josh > -- Curtis Robinson crobinso at fit.edu |
From: Simon S. <Sim...@uw...> - 2005-04-21 13:09:56
|
Also sun one directory server supports two way syncronisation.. > -----Original Message----- > From: acc...@li... > [mailto:acc...@li...] On > Behalf Of Curtis Robinson > Sent: 21 April 2005 14:00 > To: Josh Holman > Cc: acc...@li... > Subject: [Acctsync-general] Re: AccntSync > > Josh, > > The current status of the project is on delay. I have to > get to a couple of other projects. It is going to still be > worked on. There are some alternatives. Novell has a > directory sync for directory server which is both ways. I > have not taken an in-depth look at the product. Samba is > working on a sync functionality, but I have not kept up with > their progress. > > On the compiling part, the way I was doing it was very messy > using MS Visual C development environment. I am going to try > this new method to compile since this person has done alot of > the work for me. I just have to get back-perl to compile > against activestate perl. Here is the project web page: > http://lucas.bergmans.us/hacks/openldap/ Also, you may want > to compile against 5.6 instead of 5.8. The openldap docs say > they recommend 5.6, so I have not tried the 5.8. > > I do have some documentation but it is probably inaccurate by now. > > I do not know if this helps you or not. > -- Curtis > > > > > Hi Curtis, > > > > My name is Josh Holman, and I have been > playing with > > your AcctSync package recently and had a few questions for you. Are > > you still working on it at all? I havent seen any modifications in > > about a year but it seems like people are still looking at it, and > > honestly I havent seen much in the way of alternatives for > snyching AD > > and LD. Is there something better you know of? I have been > trying to > > get a newer version of the tools you used compiled (OpSSL > > 0.9.7g,OpLdap2.2.24,and ASPerl 5.8) but getting Slapd to > link against > > ActiveState 5.8 is really working my nerves. :) Anyway if > you have the > > time, I'd like to hear anything from you about AcctSnycs > status, any > > alternatives, and if you have any documents that might help me get > > Ldap and AS Perl to play nice.Thanks for your time! > > > > -Josh > > > > > > > > > > > -- > Curtis Robinson > crobinso at fit.edu > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: New Crystal Reports XI. > Version 11 adds new functionality designed to reduce time involved in > creating, integrating, and deploying reporting solutions. > Free runtime info, > new features, or free trial, at: > http://www.businessobjects.com/devxi/728 > _______________________________________________ > Acctsync-general mailing list > Acc...@li... > https://lists.sourceforge.net/lists/listinfo/acctsync-general > > > This incoming email to UWE has been independently scanned for > viruses and any virus detected has been removed using McAfee > anti-virus software > This email has been independently scanned for viruses and any virus software has been removed using McAfee anti-virus software |
From: Curtis R. <cro...@fi...> - 2005-04-21 13:00:32
|
Josh, The current status of the project is on delay. I have to get to a couple of other projects. It is going to still be worked on. There are some alternatives. Novell has a directory sync for directory server which is both ways. I have not taken an in-depth look at the product. Samba is working on a sync functionality, but I have not kept up with their progress. On the compiling part, the way I was doing it was very messy using MS Visual C development environment. I am going to try this new method to compile since this person has done alot of the work for me. I just have to get back-perl to compile against activestate perl. Here is the project web page: http://lucas.bergmans.us/hacks/openldap/ Also, you may want to compile against 5.6 instead of 5.8. The openldap docs say they recommend 5.6, so I have not tried the 5.8. I do have some documentation but it is probably inaccurate by now. I do not know if this helps you or not. -- Curtis > Hi Curtis, > > My name is Josh Holman, and I have been playing with > your AcctSync package recently and had a few questions for you. Are you > still working on it at all? I havent seen any modifications in about a > year but it seems like people are still looking at it, and honestly I > havent seen much in the way of alternatives for snyching AD and LD. Is > there something better you know of? I have been trying to get a newer > version of the tools you used compiled (OpSSL 0.9.7g,OpLdap2.2.24,and > ASPerl 5.8) but getting Slapd to link against ActiveState 5.8 is really > working my nerves. :) Anyway if you have the time, I'd like to hear > anything from you about AcctSnycs status, any alternatives, and if you > have any documents that might help me get Ldap and AS Perl to play > nice.Thanks for your time! > > -Josh > > > > -- Curtis Robinson crobinso at fit.edu |
From: Curtis R. <cro...@fi...> - 2004-11-09 21:53:18
|
Hi Timo, > Hello Curtis, > > Am Mittwoch, 3. November 2004 20:06 schrieben Sie: >> > So acctsync can be considered the first step to such a slurpd like daemon for windows? Or are you refering to another project? Either way, I am interested in more of this. >> acctsync is not complete since it is not a two-way replication >> between OpenLDAP and AD. It is another subproject to get the other syncing to happen. It would be great to get help in this area. > > Well, let's see how far we come. > >> Knowing your situation helps. You could use the objectGUID to match between both directories. But, I think there will be an issue on the objectGUID does not get passed everytime a change occurs. The only identifier available is the Distinguishing Name (DN) and this will provide your (1:1) relation. > I think I remember that I have read somewhere, that the DN also can change for a user, for example it he becomes moved from one OU to another. But the objectGUID stays the same. That's why I thought of using objectGUID and not the DN. > It is true a DN changes, but there are a special notifications that happen when a move or change to DN happens. Then, it is just a sync issue of making the same change to the other side. But, take a look at the objectGUID and see how that works out. It would provide a better association between both directories. >> One of the issues I face is there has >> to be a translation process done to complete a change across both directories. Because Microsoft and UNIX environments have different ways of completing the tasks of user and group management. This makes it interesting in my opinion. > "interesting" is well expressed ;) It's somehow related to standards but they are still doing it differently. > >> Sorry, for the long time to reply. I get pretty busy at times. > No problem. > > I found something else how synchronization maybe could be done. Using the persistent search LDAP CONTROL feature with perl. But I have to learn how to use it first. I found some examples on CPAN, which I will try to play with and try to get a picture of how it could work all together. But first I still have to get the kerberos trust working. > Now, I am very interested in this feature. :) This would be great since we would not have to develop that connection mechanism. Then, it just comes down to writing the perlModule to listen for changes. Great idea. > Regards, > Timo > -- Curtis Robinson crobinso at fit.edu |
From: Timo V. <tv...@rz...> - 2004-11-09 16:38:27
|
Hello Curtis, Am Mittwoch, 3. November 2004 20:06 schrieben Sie: > > So acctsync can be considered the first step to such a slurpd like > > daemon for windows? Or are you refering to another project? Either > > way, I am interested in more of this. > > acctsync is not complete since it is not a two-way replication > between OpenLDAP and AD. It is another subproject to get the other > syncing to happen. It would be great to get help in this area. Well, let's see how far we come. > Knowing your situation helps. You could use the objectGUID to match > between both directories. But, I think there will be an issue on the > objectGUID does not get passed everytime a change occurs. The only > identifier available is the Distinguishing Name (DN) and this will > provide your (1:1) relation. I think I remember that I have read somewhere, that the DN also can change for a user, for example it he becomes moved from one OU to another. But the objectGUID stays the same. That's why I thought of using objectGUID and not the DN. > One of the issues I face is there has > to be a translation process done to complete a change across both > directories. Because Microsoft and UNIX environments have different > ways of completing the tasks of user and group management. This > makes it interesting in my opinion. "interesting" is well expressed ;) It's somehow related to standards but they are still doing it differently. > Sorry, for the long time to reply. I get pretty busy at times. No problem. I found something else how synchronization maybe could be done. Using the persistent search LDAP CONTROL feature with perl. But I have to learn how to use it first. I found some examples on CPAN, which I will try to play with and try to get a picture of how it could work all together. But first I still have to get the kerberos trust working. Regards, Timo |
From: Timo V. <tv...@rz...> - 2004-10-24 14:06:17
|
Curtis Robinson wrote: > Hello, > > You can trigger a perl script through passwdHk. passwdHk can run any > commandline executable on the system. The passwdHk only writes to a file > for logging/testing purposes. You are correct about the passwdHk program > being activated by password changes. The mechanism passwdHk uses to get > password changes is call Password Filtering and it does not listen for any > other AD changes. So, it only sees the username and new password that is > changed. Sorry for stating that passwdHk saves the password to plain files. I didn't look close enough but I meant no harm. > ... You could do it in perl as a seperate daemon. We were > trying to get this implementation down to only a couple of custom pieces. > This would make the maintenance of the project easier. So acctsync can be considered the first step to such a slurpd like daemon for windows? Or are you refering to another project? Either way, I am interested in more of this. > The one-way trust where AD trusts MIT KDC can take place. But, it has a > downside. Any Windows pre-2000 machines will not be able to authenticate > against it. Because AD stores a kerberos and ntlm password. So, there > would be no ntlm password. At this step we don't need windows client machines use the MIT KDC for letting users to log in. They will use the ADCs for that. Let me elaborate a little more on what I need the one-way trust for and what I want to build. Windows users shall be able to use their windows password to access services on linux servers. At the moment this is mainly a mail server. (postfix + smtp auth and cyrus imap both via saslauthd) The mail server also should get it's information out of an ldap server (slapd on Debian) which has some data replicated from the AD (login, name, group membership, main mail address etc) and some independently from windows. (amavisd-new schema attributes, mail forwarding and/or aliases). For me the thing boils down to two issues: password sync and ldap data sync (objects additions, deletions and changes) For password sync I hope to get the kerberos trust working. passwdHk would also be an alternative. The heavier part is the second thing. I imagine a daemon running on one windows server which gets notified if some predefined objects change and then sync's these changes to the openldap server. Objects of both sides have to be clearly related to each other (1:1) AD uses the objectGUID which may be suited building such a relation. But one would need an attribute on the openldap side to save it in. Do you think this is possible? Or am I talking nuts? :) Kind regards and TIA Timo |
From: Curtis R. <cro...@fi...> - 2004-10-22 14:12:39
|
Hello, You can trigger a perl script through passwdHk. passwdHk can run any commandline executable on the system. The passwdHk only writes to a file for logging/testing purposes. You are correct about the passwdHk program being activated by password changes. The mechanism passwdHk uses to get password changes is call Password Filtering and it does not listen for any other AD changes. So, it only sees the username and new password that is changed. That conversation in the link is Kervin Pierre who is the original developer for acctsync. It is possible to do it. It has not been persued, yet. There are a couple of stumbling blocks. First, the standard for persistant searching was just a proposal. Being that, the OpenLDAP Developers would not accept the code unless it supported the new standard for replication. The other is the time to implement the code into OpenLDAP. You could do it in perl as a seperate daemon. We were trying to get this implementation down to only a couple of custom pieces. This would make the maintenance of the project easier. The one-way trust where AD trusts MIT KDC can take place. But, it has a downside. Any Windows pre-2000 machines will not be able to authenticate against it. Because AD stores a kerberos and ntlm password. So, there would be no ntlm password. Microsoft does put out packages for authenticating against kerberos on pre-2000 machines, but it has its limitations, too. On Microsoft's website, they have a document on how to setup the one-way trust. Link: http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp -- Curtis > Message: 1 > From: Timo Veith <tv...@rz...> > Organization: Rechenzentrum des FH Standorts > =?iso-8859-15?q?Zweibr=FCcken?= > To: acc...@li... > Date: Thu, 21 Oct 2004 17:27:07 +0200 > Subject: [Acctsync-general] One way sync from AD to OpenLDAP > > Hi, > > I have read the documentation from the website > (http://acctsync.sourceforge.net/) and I have some questions. First of > all as said in the subject we want to implement a oneway sync of some > objects from Active Directory (Win2K3 Server) to OpenLDAP (Debian sarge > slapd-2.1.30-3). > > As far as I have understood, acctsync can trigger a perl script through > the modification of a password with passwdHk program. Is this correct? > If not, please correct me and tell me how it works. For my other > questions I assume that acctsync works like I just described above. > > If the above is correct, objects in the OpenLDAP server will only be > updated if someone changes his password, right? What would happen if > only a change in the group membership occured? Something like a slurpd > on the windows server would be better. This idea is not from me but > from here > http://www.openldap.org/lists/openldap-software/200205/msg00640.html. > Is there anybody who pursued such an idea? I would be interested in > writing something like that in perl. How could I do this ? I think of > writing a daemon that monitors changes in the AD. > > passwdHk seems to catch passwords and writes them in plain text to a > file. This seems to us like some dirty hack and we would like to > implement a way of which we think is a better one. Well, at least if it > is technically possible. As opposed to catching the password we would > like to install a MIT KDC and setup a oneway trust, so that Windows > users can authenticate to the KDC and use resources from there. (for > example the OpenLDAP server) Is this possible? > > Kind regards, > > Timo > > > > > > --__--__-- > > _______________________________________________ > Acctsync-general mailing list > Acc...@li... > https://lists.sourceforge.net/lists/listinfo/acctsync-general > > > End of Acctsync-general Digest > -- Curtis Robinson crobinso at fit.edu |