What advantage does the LDAP Account Synchronization Project have over the other single account systems? Well, it depends. The reason for this project is to create an open source account system that works with existing account systems (OpenLDAP and Windows Active Directory). This approach allows flexibility in handling the differences between Windows and UNIX administration tasks. Review your requirements to see which method suits your solution.
See the SourceForge project summary page at https://sourceforge.net/projects/acctsync/ for project files and more information on CVS, etc.
Project Status
Communication will be done on the two mailing lists, acctsync-devel at https://lists.sourceforge.net/lists/listinfo/acctsync-devel for developers working on the acctsync project, and acctsync-general at https://lists.sourceforge.net/lists/listinfo/acctsync-general for users and other people requiring general information on the acctsync project.
Building OpenLDAP on win32 system
Redesigned the web site layout. Hopefully it describes the project better. Also, a new version of OpenLDAP and acctSync is in the works.
Screenshot of the passwdHk-config utility. This utility configures the behavior of the passwdHk password synchronization DLL used to transmit the modified Windows passwords over to the LDAP server. The DLL is configured via the registry.
OpenLDAP binaries for the 2.1.3 release are now available on the project page at http://sourceforge.net/projects/acctsync. The binaries were built with OpenSSL 0.9.6d, Berkeley DB 4.0.14, and ActiveState Perl 5.6.1.
acctSync.pm and acctSyncAccount.schema are in CVS. acctSync.pm is the Perl module that the OpenLDAP Perl backend loads to process the user modification requests. I am waiting for an official OID number which I expect to arrive any day now.
The current patch has been added to the OpenLDAP CVS source code repository. Therefore I will not be posting any more patches. The back-perl backend should now compile on win32 using OpenLDAP from CVS.
I have been working on a PERL OpenLDAP extension to simplify writing PERL scripts that use the OpenLDAP libraries. The project is ldapperl; it's derived from perldap http://www.perldap.org/ and can be found at http://ldapperl.sourceforge.net/ . The goal is to more closely export the OpenLDAP C and C++ APIs as a PERL extension.
The current patch for OpenLDAP+back-perl on win32 can be found at http://prdownloads.sourceforge.net/acctsync/back-perl.win32.current.patch.gz . This patch should apply cleanly against the current OpenLDAP CVS HEAD branch. Note that CVS changes significantly in short periods of time.
I have been told that this patch will eventually be applied in OpenLDAP CVS but with no date guarantee. Do not use the older patches; this one fixed all the issues I had run into at the time I uploaded it.
After applying the patch you must:
- #define HAVE_SLAPD_PERL and HAVE_WIN32_ASPERL in the ldap/include/portable.nt file.
- Import the back-perl project into your OpenLDAP workspace.
- Add back-perl as a dependency of slapd project.
- Add the 'perl56.lib' as a library dependency to slapd.
- Modify your library and include directory paths to reflect where you have your perl/lib/CORE directory.
- Last two steps also have to be done for other executables, e.g. slapadd, etc.
If you have any problems feel free to drop a note on the list at https://lists.sourceforge.net/lists/listinfo/acctsync-general .
Update of "Password Hook DLL" now available from the SourceForge summary page. It now includes registry entries for all of the configuration options and supports logging, create process flags, and wait timing. Also included is a driver program to load the DLL during testing and execute the functions. This version, though still considered alpha, works well for me. Security and memory audits are next.
Uploaded the alpha source for a password filter I am working on. "Password Hook DLL" is a NT password filter that takes the user's password and then passes it to a script registered in the registry. The DLL thus is effectively a generic password filter. This is a different approach from Osama Dengler's password filter which makes the LDAP calls directly to the LDAP server.
This very alpha code reliably crashes Windows 2000, but hopefully that'll change soon. The code can be downloaded from the SourceForge summary page at https://sourceforge.net/projects/acctsync/
I am planning to put up detailed instructions on this in the future but for now here are some pointers.