Using Penrose (or similar software) to solve our LDAP needs

Kenneth Holter kenneho.ndu at gmail.com
Fri Nov 21 07:03:26 UTC 2008


Thanks, I'll google it and see if it's something that might solve our needs.


We're still experimenting with Red Hat Directory Server hoping that we'll
find a good solution using this software, though.

On 11/20/08, Ezra Taylor <ezra.taylor at gmail.com> wrote:
>
> Hello Kenneth:
> Centrify is a product I've read about.  All
> of your users will exist on AD.  A user can change his/her password
> using the client that exists on the Linux host or do it on a Windows
> box as you usually would.
>
> On Tue, Nov 11, 2008 at 5:15 AM, Kenneth Holter <kenneho.ndu at gmail.com>
> wrote:
> > Hello list.
> >
> >
> > We've been trying to deploy Red Hat Directory Server (RHDS) in our
> > organization, but are not so sure its integration with Active Directory
> > (AD) suits our needs. Let me briefly outline our situation:
> >
> > AD is well deployed within our organization, but we're in need of a
> > directory server for our Red Hat Linux servers. The directory server should
> > first and foremost allow for user authentication when connecting through
> > SSH, but other applications will also be integrated with the directory
> > server. The AD admins are not very keen on us Linux admins modifying or
> > installing applications on their AD boxes, so a directory server deployment
> > should take this into account. Also, we *probably* don't need to sync
> > passwords. Lastly, our Linux directory server will be synced to a dedicated
> > "linux OU" on the AD side.
> >
> > We've played around with RHDS for a while, but the integration with AD
> > (using Windows Sync) doesn't seem to meet our requirements. For example,
> > since attributes such as posix-stuff must be entered manually (or scripted)
> > on a per user basis, some of the benefits of syncing with AD seem
> > diminished, and it seems easier just managing everything on the RHDS side
> > alone without syncing with AD.
> >
> > But since we very much would like to sync with AD, we thought we'd maybe go
> > for another directory server, hoping that syncing with AD will be
> > more seamless. We got pointed to Penrose (
> > http://docs.safehaus.org/display/PENROSE/Home), and I thought I'd hear if
> > anyone has any experience with this software to see if it might be the
> > right choice for us.
> >
> > So does anyone have enough experience with Penrose to advise us on whether
> > it might be a good solution for us? And is Penrose supported by Red Hat?
> >
> > I've done some reading on the Penrose home page, and found some other issues
> > maybe someone can clear up:
> >
> >   - Is there support for unidirectional sync with AD (that is, sync users
> >   from AD to Penrose, but not the other way around)? Maybe using Penrose as a
> >   proxy or pass through authentication for AD might solve this.
> >   - If integrated with AD, and still assuming a one way sync from AD to
> >   Penrose, can one create new users directly on Penrose?
> >
> > Any input on this subject will be greatly appreciated. And please comment
> > on other software products that may suit our needs.
> >
> >
> > Regards,
> > Kenneth Holter
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
>
> --
> Ezra Taylor
>


