Mailing Lists: Apple Mailing Lists


My LDAP/eDirectory/Netinfo bridge solution



Hi,

I am setting up a lab in Kingston University, London, for the Faculty of Design and Music.

The university, like many others, has a Novell Netware infrastructure, and whilst the eDirectory is exported via LDAP, there has been no possibility to add additional attributes (like UIDs) to the overall schema.

Additionally, we did not wish to have to set up home accounts on our MacOSX server manually - with hundreds of users per year, this would have been arduous, even if the main authentication could be handled via Novell.

I have therefore implemented a solution whereby there is an LDAP server based on OpenLDAP's slapd, with a perl-based backend. MacOSX 10.1 clients are set up with DirectoryServices to query LDAP on our Mac Server, where the proxy server resides. The proxy server then passes appropriate requests on to the campus LDAP server, and translates some of the information on the fly before passing it back to the client.

The UID is calculated from the user's login name.

The home account location is created automatically, by appending the user's cn attribute to a standard path on the home account server.

The home account itself is created (if it does not yet exist) on the home account server (== the NetInfo server) from a template, and given the right permissions.

So far, it looks to work very well on our test network.

The biggest issue I see so far is that the perl backend to slapd serializes the requests coming in (has locks around the perl bit), so that the LDAP requests to the campus server are single threaded, and have the potential of blocking. So far though, the campus server has always responded in < 0.1 second, so I have not been able to notice any time delay at all. I will need to look more closely at this in future (I am not altogether sure how threadsafe embedded perl is, though I think that once execution has entered the perl module I can handle threadedness, and a shared cache without too much work).

I'm going to set up a web page on how to do this over the next 2 weeks, but knowing that the start of term is approaching for many people I wanted to let people know ASAP that I had it working.

Cheers,
Stephen Brandon
email@hidden
_______________________________________________
maclabmanager mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/maclabmanager
Do not post admin requests to the list. They will be ignored.
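
The attribute translation the post describes (a UID derived from the login name, a home path built by appending cn to a standard path), as an added example that is not the poster's code. The post does not say how the UID is calculated, so the hash-based mapping, the UID range, the `HOME_ROOT` path and all function names here are assumptions.

```python
import hashlib
import posixpath
import re

# Assumed values, not from the post: the UID range and the home root.
UID_MIN, UID_MAX = 10000, 60000
HOME_ROOT = "/Network/Servers/homes"  # hypothetical "standard path"
SAFE_CN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")


def derive_uid(login):
    """Map a login name to a stable UID in [UID_MIN, UID_MAX)."""
    digest = hashlib.sha256(login.lower().encode("utf-8")).digest()
    return UID_MIN + int.from_bytes(digest[:8], "big") % (UID_MAX - UID_MIN)


def home_for(cn):
    """Append cn to HOME_ROOT, rejecting values that could escape it."""
    # cn comes from the upstream directory, so treat it as untrusted input.
    if not SAFE_CN.fullmatch(cn):
        raise ValueError("unsafe cn: %r" % cn)
    path = posixpath.normpath(posixpath.join(HOME_ROOT, cn))
    if posixpath.dirname(path) != HOME_ROOT:
        raise ValueError("cn escapes home root: %r" % cn)
    return path


def translate(entry, assigned):
    """Return a copy of an upstream entry with uidNumber and homeDirectory.

    `assigned` maps uid -> login for UIDs already handed out. A derived UID
    can collide for two different logins; that is refused here, because two
    accounts sharing a UID would share file ownership on the home server.
    """
    login = entry["cn"]
    uid = derive_uid(login)
    owner = assigned.setdefault(uid, login.lower())
    if owner != login.lower():
        raise ValueError("UID %d already assigned to %s" % (uid, owner))
    out = dict(entry)
    out["uidNumber"] = uid
    out["homeDirectory"] = home_for(login)
    return out


if __name__ == "__main__":
    # Constructed sample entry, as the campus server might return it.
    print(translate({"cn": "jsmith", "sn": "Smith"}, {}))
```
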




Copyright © 2007 Apple Inc. All rights reserved.