
hpux and AD or openldap?

 
Doug O'Leary
Honored Contributor


Hey;

I have a client with a mixed environment of Sun, HP, Linux and Windows systems. They're currently using OpenLDAP, Active Directory and NIS as authentication mechanisms. For obvious reasons, my client would like to limit the number of authentication mechanisms - preferably down to one.

I freely admit to a bias against Microsoft. Their history with security concerns me. Without having done any research yet, my initial idea would be to have all the UNIX systems authenticate against the OpenLDAP directory and have that periodically sync itself with the Microsoft AD.

While I believe my bias has some basis in fact, I am willing to be proven wrong. How well does HPUX (and other UNIX OSes for that matter) interact with Active Directory? Does anyone have any real world success stories/horror stories?

I know that I'll need Samba/CIFS if I end up authenticating on the AD; the technical details can wait for later. At the moment, I'm just looking to see if even considering AD is a valid option.

Technical details can wait with one exception: using either OpenLDAP or AD, how do you limit who has access to a specific UNIX system? Users A, B and C can have access to System X, but I don't want D on there. I know there has to be a way to do it but I've not had to do it yet.

Thanks for your time and any information you can provide.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Steven E. Protter
Exalted Contributor

Re: hpux and AD or openldap?

Shalom,

This integration is possible.

You need the latest LDAP-UX software from http://software.hp.com

You need admin rights on the Windows ADS controller to run the setup script. To succeed you also need Windows 2003 Server patched beyond belief.

OpenLDAP for HP-UX, the HP port, is so limited as to be of no use.

Maybe the way to go is to compile the OpenLDAP client on HP-UX and get full functionality.

I think that is the only thing I did not try.

I suggest it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com