[Info-vax] LDAP

Marc Van Dyck marc.gr.vandyck at invalid.skynet.be
Sat Oct 10 07:07:53 EDT 2020


It happens that Jan-Erik Söderholm formulated :
> Hi.
>
> I have been asked if we can use LDAP against the corporate AD systems
> to authenticate our user logins to our OpenVMS system.
>
> Currently on VSI/Alpha.
>
> Anyone who has looked at and/or tested these LDAP parts on Alpha?
> And if so, any thoughts, findings or something else worth reporting?
> How does it work with a mixed LDAP/local password verification?
>
> The users to be verified over LDAP/AD are those that have “personal”
> VMS accounts using their corporate signature. We also have “workgroup”
> accounts for the workplaces in the factory, and they are not in the AD.
>
> The logins are done using plain telnet sessions from terminal emulators.
> No ssh here, if that matters in regard to LDAP…
>
> Just starting to look at this…
>
> Regards, Jan-Erik.

We tried it, it works, but it can only be used to store passwords. LDAP
does not have any provision to store the SYSUAF info so you need to keep
local user definitions anyway. It just will disregard the password
stored in SYSUAF in favor of the LDAP one. Means that for system admin
people, it's twice the work... We decided it was not worth the effort
and we dropped it. The only real advantage that I can see is that the
LDAP password hashing algorithm is probably better than the one used in
SYSUAF so the systems would be marginally safer, which might be
important for some cases.

-- 
Marc Van Dyck


