[Info-vax] LDAP
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Sat Oct 10 12:27:23 EDT 2020
In article <rls7k2$inj$1 at dont-email.me>,
=?UTF-8?Q?Jan-Erik_S=c3=b6derholm?= <jan-erik.soderholm at telia.com>
writes:
> > We tried it, it works, but it can only be used to store passwords. LDAP
> > does not have any provision to store the SYSUAF info so you need to keep
> > local user definitions anyway. It just will disregard the password
> > stored in SYSUAF in favor of the LDAP one. Means that for system admin
> > people, it's twice the work... We decided it was not worth the effort
> > and we dropped it. The only real advantage that I can see is that the
> > LDAP password hashing algorithm is probably better than the one used in
> > SYSUAF so the systems would be marginally safer, which might be
> > important for some cases.
>
> Thanks for the reply.
>
> Why would it be twice the work? Is there any work involved at all
> efter the LDAP link to AD has been established?
>
> The AD administration is already there anyway. Is it more routine work
> on the VMS side, after that the LDAP link has been setup?
>
> And yes, password lookup is the only function we are looking at.
If the LDAP is already set up and running, then the additional work is
negligible.
> What about if the AD password happens to have characters that are
> invalid on VMS? Is that transparent if LDAP lookup has been enabled?
Yes, completely transparent; only the LDAP rules apply.
More information about the Info-vax
mailing list