Thanks, I'll google it and see if it's something that might solve our needs. We're still experimenting with Red Hat Directory Server hoping that we'll find a good solution using this software, though. On 11/20/08, Ezra Taylor <ezra.taylor@xxxxxxxxx> wrote: > > Hello Kenneth: > Centrify is a product I've read about. All > of your users will exists on AD. A user can change his/her password > using the client that exists on the Linux host or do it on a Windows > box as you usually would. > > On Tue, Nov 11, 2008 at 5:15 AM, Kenneth Holter <kenneho.ndu@xxxxxxxxx> > wrote: > > Hello list. > > > > > > We've been trying to deploy Red Hat Directory Server (RHDS) in our > > organization, but are not so sure it's integration with Active Directory > > (AD) suits our needs. Let me briefly outline our situation: > > > > AD is well deployed within our organization, but we're in need of a > > directory server for our Red Hat Linux servers. The directory server > should > > first and foremost allow for user authentication when connecting through > > SSH, but other applications will also be integrated with the directory > > server. The AD admins is not very keen on us Linux admins modifying or > > installing applications on their AD boxes, so a directory server > deployment > > should take this into account. Also, we *probably* don't need to sync > > passwords. Lastly, our linux directory server will be synced to a > dedicated > > "linux OU" on the AD side. > > > > We've played around with RHDS for a while, but the integration with AD > > (using Windows Sync) doesn't seem to meet our requirements. For example, > > since attributes such as posix-stuff must be entered manually (or > scripted) > > on a per user basis, some of the benefits of syncing with AD seems > > diminished, and it seems easier just managing everything on the RHDS side > > alone without syncing with AD. > > > > But since we very much would like to sync with AD, we thought we'd maybe > go > > for another directory server, hoping that syncing with AD will be > > more seamless. We got pointed to Penrose ( > > http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear > if > > anyone have any experience with this software to see if it might be the > > right choice for us. > > > > So does anyone have enough experience with Penrose to advice us on > whether > > it might be a good solution for us? And is Penrose supported by Red Hat? > > > > I've done some reading on the Penrose home page, and found some other > issues > > maybe someone can clear up: > > > > - Is there support for unidirectional sync with AD (that is, sync users > > from AD to Penrose, but not the other way around)? Maybe using Penrose > as a > > proxy or pass through authentication for AD might solve this. > > - If integrated with AD, and still assuming a one way sync from AD to > > Penrose, can one create new users directly on Penrose? > > > > Any input on this subject will be greatly appreciate. And please comment > > on other software products that may suit our needs. > > > > > > Regards, > > Kenneth Holter > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > Ezra Taylor > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
