Using Penrose (or similar software) to solve our LDAP needs

Ezra Taylor ezra.taylor at gmail.com
Thu Nov 20 21:30:03 UTC 2008


Hello Kenneth:

Centrify is a product I've read about.  All
of your users will exist on AD.  A user can change his/her password
using the client that exists on the Linux host or do it on a Windows
box as you usually would.

On Tue, Nov 11, 2008 at 5:15 AM, Kenneth Holter <kenneho.ndu at gmail.com> wrote:
> Hello list.
>
>
> We've been trying to deploy Red Hat Directory Server (RHDS) in our
> organization, but are not so sure its integration with Active Directory
> (AD) suits our needs. Let me briefly outline our situation:
>
> AD is well deployed within our organization, but we're in need of a
> directory server for our Red Hat Linux servers. The directory server should
> first and foremost allow for user authentication when connecting through
> SSH, but other applications will also be integrated with the directory
> server. The AD admins are not very keen on us Linux admins modifying or
> installing applications on their AD boxes, so a directory server deployment
> should take this into account. Also, we *probably* don't need to sync
> passwords. Lastly, our Linux directory server will be synced to a dedicated
> "linux OU" on the AD side.
>
> We've played around with RHDS for a while, but the integration with AD
> (using Windows Sync) doesn't seem to meet our requirements. For example,
> since attributes such as posix-stuff must be entered manually (or scripted)
> on a per user basis, some of the benefits of syncing with AD seem
> diminished, and it seems easier just managing everything on the RHDS side
> alone without syncing with AD.
>
> But since we very much would like to sync with AD, we thought we'd maybe go
> for another directory server, hoping that syncing with AD will be
> more seamless. We got pointed to Penrose (
> http://docs.safehaus.org/display/PENROSE/Home), and I thought I'd hear if
> anyone has any experience with this software to see if it might be the
> right choice for us.
>
> So does anyone have enough experience with Penrose to advise us on whether
> it might be a good solution for us? And is Penrose supported by Red Hat?
>
> I've done some reading on the Penrose home page, and found some other issues
> maybe someone can clear up:
>
>   - Is there support for unidirectional sync with AD (that is, sync users
>   from AD to Penrose, but not the other way around)? Maybe using Penrose as a
>   proxy or pass through authentication for AD might solve this.
>   - If integrated with AD, and still assuming a one way sync from AD to
>   Penrose, can one create new users directly on Penrose?
>
> Any input on this subject will be greatly appreciated. And please comment
> on other software products that may suit our needs.
>
>
> Regards,
> Kenneth Holter



-- 
Ezra Taylor



