Hi everyone,
If this post here is in poor taste, please pardon my interruption. It's just that I figured those here would have a high probability of trying to do as I am trying to do.
Background: I'm a Debian-head from the early '90s, but I'm new to OpenLDAP, and this is my first post here. I'm about halfway done with Mastering OpenLDAP, and I've been lurking here for a month or so, trying to understand how things work, and looking for questions like mine. I also just read Kerberos: The Definitive Guide as a primer into understanding how my team can make everyone 'Just Get Along(tm)' in a multi-platform global enterprise, while leveraging open source projects.
Rough Goals:
* We're exploring ways in which we can have a single user/group database for everything, everywhere in our domain.
* Additionally, we want as 'SSO' an environment as possible.
* We also want to keep, and even extend all the other NIS functionality we use today - only without the NIS limitations.
* We also need to be able to phase it in, or even have it overlap with our current situation for a period, so it's not an all-or-nothing kind of change.
The Parts Bin: There's a bunch of parts around, and they all kind of fit together, but to my current understanding anyway, seem to create a few different incomplete solutions, such as:
* Samba/Winbind/Kerberos (possibly backed by OpenLDAP)
* OpenLDAP/Kerberos with trusts to AD
* AD using 2003R2 and possibly custom schema modifications if required.
My question really is what are others doing to solve this type of problem? Architecturally, what is the best approach given the above desired outcome?
Thanks to all for your thoughts and insight on this,
Regards,
Christopher Barry
Systems Engineer
QLogic