On Mon, Jan 23, 2012 at 2:39 PM, Ski Kacoroski <kacoro...@gmail.com> wrote:
> Atom,
>
> For AD at my work we can add attributes easily with the MS schema editor
> and then change them using standard calls via the perl-ldap libraries. The
> only thing that is a bit tricky is the password, but we figured that out
> also. Essentially you should be able to replicate almost anything you do
> in openldap in AD as long as you stay away from the default AD attributes.
>

I would love to use CentOS/RHEL for directory services, but I believe AD is the right choice for this scenario. It is robust and well-supported, everyone uses it, and I think it has the best multi-master replication out of the box. In fact, we are busy rolling out a new AD solution for our Mac networks. At this point it seems more energy/time has been put into the AD interface for Macs than their own OD binding tools.

You can adjust the AD schema to include exactly what you are using by using ADAM to connect to both your current LDAP installation and your AD domain controller to generate an LDIF file showing the differences. As Ski said, be sure to not walk over any of the AD built-ins. It goes without saying it pays to be detail-oriented with this one.

Apple has a nice white paper that walks through this stuff for adding the OD extensions to AD. It could be adapted for any OpenLDAP-based solution with a little research. I'm not sure where it is found now, but Google will provide.

Regards,
-Iain

--
-- - Iain Morris
iain.t.mor...@gmail.com
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/