Ankur Agarwal wrote:
Thanks Richard!Have a couple of follow-up questions : 1) iPlanet to Fedora chaining should work fine as you have mentioned. Does chaining require both of them to have exactly same schemas or chaining doesnt require that?
I don't think it matters.
2) Client sends request to Fedora (with some authentication info) and then request gets dispatched to iPlanet/ActiveDirectory. How will this request be authenticated at iPlanet/ActiveDirectory. I believe authentication credentials will be different for all these LDAPs.I don't understand. If you send a simple BIND request with a dn and a password to Fedora acting as the chaining front end, it will simply pass this operation and the credentials to the LDAP server on the backend. The Fedora DS chaning backend can't figure out what sort of authentication to use and change it on the fly.
regards,Ankur */Richard Megginson <rmeggins@xxxxxxxxxx>/* wrote: Ankur Agarwal wrote: > Hi, > > We have 2 existing directory services set-up with different schemas: > 1) Active Directory > 2) iPlanet LDAP > > Now we want to introduce a third one (Fedora LDAP) where we want to > use referal/chaining features to send requests to these already > existing servers. Would really appreciate your answers on: > > 1) Can we modify/update active directory data and iPlanet data with > application interfacing only with new Fedora LDAP which will dispatch > requests to these servers? Or can referal/chaining be used only for > querying other LDAP servers? A chaining database is read-write - it looks just like a local db to clients. > > 2) Can Referal/Chaning be set-up across ActiveDirectory and Fedora > with them having different schemas? Similarly between iPlanet and Fedora? Not sure about AD. Some other people on the list have been trying to get chaining and pass through auth to work with AD, but I haven't seen any reports of success yet. iPlanet to Fedora should work just fine. > > 3) If we want to migrate data from iPlanet to Fedora (having diff > schema on Fedora) then any issues we must be aware of and any best > practices? Just make sure your customized schema is copied to Fedora. iPlanet and Fedora DS are very compatible. > > Thanks, > Ankur > > ------------------------------------------------------------------------ > Sponsored Link > > Talk more and pay less. Vonage can save you up to $300 a year on your > phone bill. Sign up now. > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users ------------------------------------------------------------------------Want to start your own business? Learn how on Yahoo! Small Business. <http://us.rd.yahoo.com/evt=41244/*http://smallbusiness.yahoo.com/r-index>------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
