Atom,

For AD at my work we can add attributes easily with the MS schema editor and then change them using standard calls via the perl-ldap libraries. The only thing that is a bit tricky is the password, but we figured that out also. Essentially you should be able to replicate almost anything you do in OpenLDAP in AD as long as you stay away from the default AD attributes.

cheers,

ski

On 01/23/2012 12:48 PM, Atom Powers wrote:
I'm in a somewhat similar situation. I currently run OpenLDAP and
Samba 3 and plan to upgrade hundreds of workstations to MS Windows 7.

I know I can get *nix to authenticate to AD. My concern is that AD
won't support the many additional data attributes I've added to my
OpenLDAP directory and I will lose my existing account management
tools. My, admittedly dated, experience with AD and its account
management tools makes me think this is a step backward.

My question for the list:
Are there powerful account management tools for Active Directory that
can support a custom account lifecycle?

For example, if an applicant becomes a student there are several
account attributes and groups that need to be changed depending on
which program they enroll in; if that student withdraws, graduates,
becomes an employee, etc. there are other attributes that need
changing. What tools exist for AD that can make those changes with a
simple "update status"?

P.S.
I currently implement my lifecycle in a Ruby Rails application. Maybe
I could plug that into AD but I have no idea how difficult that would
be.

On Mon, Jan 23, 2012 at 10:31 AM, Ski Kacoroski <kacoro...@gmail.com> wrote:
On 01/23/2012 07:45 AM, Benjamin Shayne wrote:

Our primary concern is the large number of Windows 7 clients that
would all need registry hacks to connect to a Samba domain. OpenLDAP
and Samba have been difficult to manage with upgrades breaking parts
of the system and with Windows 7 clients needing retooling to connect.


Benjamin,

Go with AD.  It works well for this purpose and you will not be fighting all
the time to try and get MS clients to connect to it.  It is pretty easy to
get Linux to authenticate to AD (not sure about OpenSolaris).



--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, Secretary of LOPSA
206-501-9803, ski98033 on IRC and most IM services
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
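
The "update status" lifecycle and the AD password write discussed in this thread, as an added Ruby example that is not code from either poster. The status names, the exampleStatus and exampleProgram attributes, and all DNs are hypothetical; the operation tuples use the shape the net-ldap gem's `modify` call accepts.

```ruby
# Added example. Status names, exampleStatus/exampleProgram and all DNs are
# hypothetical; substitute the attributes added to your own schema.
GROUP_BASE = "OU=Groups,DC=example,DC=edu" # constructed

# AD sets a password through unicodePwd: the new password wrapped in
# double quotes, encoded UTF-16LE, and sent over an encrypted connection.
def ad_unicode_pwd(password)
  "\"#{password}\"".encode("UTF-16LE").force_encoding("BINARY")
end

# Groups implied by a lifecycle status (and program, for students).
def groups_for(status, program)
  case status
  when "student"
    raise ArgumentError, "student needs a program" unless program
    ["CN=Students,#{GROUP_BASE}", "CN=Program-#{program},#{GROUP_BASE}"]
  when "employee" then ["CN=Staff,#{GROUP_BASE}"]
  when "applicant", "withdrawn", "graduate" then []
  else raise ArgumentError, "unknown status: #{status}"
  end
end

# Turn one "update status" into LDAP modify requests. Each hash has the
# dn:/operations: shape that net-ldap's Net::LDAP#modify accepts.
# In AD, membership is written on the group's member attribute, so group
# changes target the group DN rather than the user entry.
def update_status(user_dn, old, new)
  user_ops = [[:replace, :exampleStatus, [new[:status]]]]
  if new[:program]
    user_ops << [:replace, :exampleProgram, [new[:program]]]
  elsif old[:program]
    user_ops << [:delete, :exampleProgram, nil] # only if it was set
  end
  before = groups_for(old[:status], old[:program])
  after  = groups_for(new[:status], new[:program])
  changes = [{ dn: user_dn, operations: user_ops }]
  (before - after).each { |g| changes << { dn: g, operations: [[:delete, :member, [user_dn]]] } }
  (after - before).each { |g| changes << { dn: g, operations: [[:add, :member, [user_dn]]] } }
  changes
end

if __FILE__ == $PROGRAM_NAME
  user = "CN=Jane Doe,OU=People,DC=example,DC=edu" # constructed
  update_status(user, { status: "applicant" }, { status: "student", program: "nursing" })
    .each { |c| puts "#{c[:dn]}: #{c[:operations].inspect}" }
end
```

Computing the full change set before sending anything lets the caller log it or review it as a dry run, and a failed group write can be retried without recomputing the transition.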
