Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Password synchronization to Windows using LDAP?

 
SOLVED
Go to solution
Jim Geier_1
Regular Advisor

Password synchronization to Windows using LDAP?

The documentation for the OpenVMS LDAP SYS$ACM Authentication Agent suggests that password synchronization between OpenVMS and Windows is possible. All of the configuration information in the dicumentation is for synchronizing with a server running Advanced Server. We would like to synchronize passwords from our OpenVMS Alpha 8.3 servers to the Windows domain. Is this is a realistic possibility now using the software and tools available? And is anyone actually doing it successfully in production?
11 REPLIES 11
Paul Nunez
Respected Contributor
Solution

Re: Password synchronization to Windows using LDAP?

Hi Jim,

Yes, it is possible. You need to acmeldap v0200 kit. Basically, you:

1. Download and install the dec-axpvms-vms83a_acmeldap-v0200--4 pcsi kit

2. Restore sys$update:acme_dev_kits.bck

3. Install DEC-AXPVMS-V83_ACMELDAP_STD-V0103--4.PCSI;1 and DEC-AXPVMS-V83_ACMELOGIN-V0101--4.PCSI;1

4. Load the Persona Extension with $ mc sysman SYS_LOADABLE ADD LDAPACME LDAPACME$EXT

5. Reboot

6. Configure the ini file (attached)

7. Run @sys$startup:acme$start

8. Confirm LDAP-STD agent is loaded - $ show server acme

9. Set ExtAuth flag on SYSUAF account




Edwin Gersbach_2
Valued Contributor

Re: Password synchronization to Windows using LDAP?

Jim

Have a look at the thread http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1206017464895+28353475&threadId=1197550
for some retrictions. Especially read the entry by M. T. Hollinger (4. entry)

Edwin
Hoff
Honored Contributor

Re: Password synchronization to Windows using LDAP?

Configuring LDAP External Authentication:

http://64.223.189.234/node/619


Jim Geier_1
Regular Advisor

Re: Password synchronization to Windows using LDAP?

Thanks for the information. On a standalone AlphaServer running OpenVMS 8.3 and patched up to Update V8, I installed the following three kits:
VMS83A_ACMELDAP V2
V83_ACMELOGIN V1.1
V83_ACMELDAP_STD V1.1

I followed the release notes. I am having a problem with the
SYSMAN SYS_LOADABLE ADD LDAPACME LDAPACME$EXT
step. I see in the file SYS$UPDATE:VMS$SYSTEM_IMAGES.IDX a line indicating "SWsystem image LDAPACME$EXT load failed", and after rebooting, I see in VMS$SYSTEM_IMAGES.DATA (in the directory sys$loadable_images) a message "%SYSINIT, system image LDAPACME$EXT load failed."

Any ideas as to how I can get the image to load and get this working? Might something in the VMS 8.3 Update V8 be incompatible with the LDAP images?
Jim Geier_1
Regular Advisor

Re: Password synchronization to Windows using LDAP?

The error messages may be something of a red herring. The problem with my LDAP-ACME implementation was a problem with the LOGINOUT.EXE image. When I did the PRODUCT INSTALL V83_ACMELOGIN, a message saying that LOGINOUT.EXE would not be replaced because the version already on the system was newer than the image in the kit. This is true, but the version on the system does not have the LDAP-ACME code in it. So after realizing that this was a problem, I extracted LOGINOUT.EXE from the kit, put it in SYS$COMMON:[SYSEXE], did the INSTALL REPLACE and now I have LDAP password synchronization working.

HP OpenVMS Support knows about this problem -- it was first found on OpenVMS on Integrity. The engineering groups are working on a solution.