From: karl rossing <unixb0y@ya...> - 2002-11-04 20:15:34
I don't really want to re-invent the wheel here.
I've got 2 LDAP servers. I want to synchronise the
passwd attribute for users in server a with the
attribute in serverB. Also if the user on server 1
does not exist on server 2 do nothing.
Container names/path would not be the same on both
I'm wondering if there are any prebuilt tools that do
Do you Yahoo!?
HotJobs - Search new jobs daily now
From: Jim Harle <harle@us...> - 2002-11-04 21:31:01
This all depends on what the 2 servers are and how they store passwords. If
they are the same 'brand' of server, there may be tools included by the
manufacturer. For many pairs of servers the only feasible thing to do is to
capture password changes just before they are committed to a server. Some
server vendors sell add-on tools that capture at their server as long as you do
it their way. We have opted to have a home grown web page for changing
passwords and telling the users that the web page is the right way to change
passwords. We also have a nightly script that looks at when passwords are about
to expire and sends email to the users at specific intervals before the
expiration, giving the URL of the password changing page. The password
changing script has rougly the following logic:
If authenticated binds succeed for either serverA or serverB, consider the
If both succeed, use those binds for password changing.
If only one succeeds, then use a reasonably well hidden DN/password of a
privileged account to bind to the one that failed.
If the password change operation fails for a server, encrypt the dn and
password and failed server name for later processing
On Mon, 4 Nov 2002, karl rossing wrote:
> I don't really want to re-invent the wheel here.
> I've got 2 LDAP servers. I want to synchronise the
> passwd attribute for users in server a with the
> attribute in serverB. Also if the user on server 1
> does not exist on server 2 do nothing.
> Container names/path would not be the same on both
> I'm wondering if there are any prebuilt tools that do
> Do you Yahoo!?
> HotJobs - Search new jobs daily now
> This SF.net email is sponsored by: ApacheCon, November 18-21 in
> Las Vegas (supported by COMDEX), the only Apache event to be
> fully supported by the ASF. http://www.apachecon.com