Re: [Exim] Windows 2000 ldap services with exim?

Author: Douglas Gray Stephens
Date:  
To: D.M.Chapman
CC: Exim-users
Subject: Re: [Exim] Windows 2000 ldap services with exim?
Darren,

At 09:51 on 13-November-2000, D.M.Chapman wrote:
>
> We currently have a project running to move to windows 2000 (users need
> start menus that fade in and out :-) and I have been given the task of
> looking into the ldap services that active directory provides.
>
> Has anyone done anything like this? In particular, the distribution
> lists that can be set up (they claim to need exchange but if they can
> be got at via ldap.....)
>
> Ideally, we would like to replace our current mail tables (dbm databases)
> with the active directory stuff - removing one more database from our
> systems and also opening up other search methods via ldap.
>
> Of course, this all assumes that Windows2000 ldap is not MSLdap(tm) in
> some broken way - any views?


The current MSLdap(tm) has a few non standard features, e.g.
 o  corruption of the top objectclass
 o  inability to support multi-valued attributes for some attributes
    (e.g. cn)
 o  LDAP service must run on port 389
 o  DIT cannot be rooted in a current (as the X.500 world, and
    supported by all other LDAP servers).


I used to classify Activedirectory as a Microsoft proprietary
directory, with an LDAP peep hole bolted on the side. Microsoft have
tried to assure me that all of Microsoft's calls to AD are actually
done using LDAP calls, and not using any alternative proprietary MS
specific protocol. I have not had a chance to validate this. I know
that it is not possible to see the type of access log, showing ldap
style binding, creations, modification, deletions. I recall that
there are ACL issues enabling clients to access the MSLdap directory
over LDAP.

I do not recall any reason why MSLdap(tm) cannot handle LDAP groups of
uniquenames, or distribution lists, although the Activedirectory
method for groups is to add group based information to each object in
the directory, as they do with NT based domains.

> Any pointers to ldap resources would be useful as well - I currently
> know nothing about it!!!!


Some pointers for getting started on LDAP are
Introductory article from Sun
http://www.sunworld.com/swol-10-1996/swol-10-ldap.html

Innosoft's list of LDAP World references (this used to be hosted by
Critical Angle, and was considered the equivalent LDAP reference to
CERN's references for the early days of HTTP)
http://www.innosoft.com/ldapworld/
A rather old FAQ from Critical Angle
http://www.critical-angle.com/ldapworld/ldapfaq.html

An LDAP Roadmap and FAQ from Stanford University
http://www.kingsmountain.com/ldapRoadmap.shtml

There are several RFCs relating to LDAP.

I hope this helps,


Douglas

--

================================
Dr. Douglas GRAY STEPHENS        
SL-IT Security (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND


Phone +44 1223 325295
Fax +44 1223 311830
Email DGrayStephens@???
================================