[389-users] 389 DS merged with AD?

Gary Algier gaalists at gmail.com
Tue Apr 14 18:41:14 UTC 2015


Hello,

I am in search of a tool to solve a new directory server issue in relation
to Active Directory...

For a long time here at work, we have had LDAP as our authentication source
and nsswitch source for Solaris and Linux. First it was the Solaris DS,
later the 389 DS. When AD came along we started using the Active Directory
sync tool to sync passwords from the AD environment, but did not try to
store all the Posix attributes in AD.  This has worked well.

Recently, our company was bought by another that is implementing AD as the
only allowed authentication source.  We will be assimilated.  However, they
can't/won't store all the other stuff we need such as the Ethernet
addresses, automount points, etc.  They also won't sync passwords.  It
looks like we will still need a "real" directory server.

Does anyone have any ideas how to have two LDAP sources, one used for
authentication and possibly some user attributes, group membership, etc.
(AD) while using another (389?) for the rest of the stuff?

Is there some sort of frontend proxy that can merge the DITs from two
stores on the backend?  I seem to remember reading that the later versions
of the Solaris DS could do something like this.

I don't even know what kind of tool I am asking for or I might be able to
search for it and answer my own question.

Any pointers would be appreciated.

Gary Algier