[Fedora-directory-devel] Re: [Fedora-directory-users] Questions on Referal/Chaning features
Richard Megginson
rmeggins at redhat.com
Thu Nov 9 17:45:06 UTC 2006
Ankur Agarwal wrote:
> Thanks Richard!
>
> Have a couple of follow-up questions :
>
> 1) iPlanet to Fedora chaining should work fine as you have mentioned.
> Does chaining require both of them to have exactly same schemas or
> chaining doesnt require that?
I don't think it matters.
>
> 2) Client sends request to Fedora (with some authentication info) and
> then request gets dispatched to iPlanet/ActiveDirectory. How will this
> request be authenticated at iPlanet/ActiveDirectory. I believe
> authentication credentials will be different for all these LDAPs.
I don't understand. If you send a simple BIND request with a dn and a
password to Fedora acting as the chaining front end, it will simply pass
this operation and the credentials to the LDAP server on the backend.
The Fedora DS chaning backend can't figure out what sort of
authentication to use and change it on the fly.
>
> regards,
> Ankur
>
> */Richard Megginson <rmeggins at redhat.com>/* wrote:
>
> Ankur Agarwal wrote:
> > Hi,
> >
> > We have 2 existing directory services set-up with different schemas:
> > 1) Active Directory
> > 2) iPlanet LDAP
> >
> > Now we want to introduce a third one (Fedora LDAP) where we want to
> > use referal/chaining features to send requests to these already
> > existing servers. Would really appreciate your answers on:
> >
> > 1) Can we modify/update active directory data and iPlanet data with
> > application interfacing only with new Fedora LDAP which will
> dispatch
> > requests to these servers? Or can referal/chaining be used only for
> > querying other LDAP servers?
> A chaining database is read-write - it looks just like a local db to
> clients.
> >
> > 2) Can Referal/Chaning be set-up across ActiveDirectory and Fedora
> > with them having different schemas? Similarly between iPlanet
> and Fedora?
> Not sure about AD. Some other people on the list have been trying to
> get chaining and pass through auth to work with AD, but I haven't
> seen
> any reports of success yet.
>
> iPlanet to Fedora should work just fine.
> >
> > 3) If we want to migrate data from iPlanet to Fedora (having diff
> > schema on Fedora) then any issues we must be aware of and any best
> > practices?
> Just make sure your customized schema is copied to Fedora. iPlanet
> and
> Fedora DS are very compatible.
> >
> > Thanks,
> > Ankur
> >
> >
> ------------------------------------------------------------------------
> > Sponsored Link
> >
> > Talk more and pay less. Vonage can save you up to $300 a year on
> your
> > phone bill. Sign up now.
> >
> >
> ------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> ------------------------------------------------------------------------
> Want to start your own business? Learn how on Yahoo! Small Business.
> <http://us.rd.yahoo.com/evt=41244/*http://smallbusiness.yahoo.com/r-index>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20061109/486e472f/attachment.bin>
More information about the Fedora-directory-devel
mailing list