RE: LDAP tools for VMS - VMS

This is a discussion on RE: LDAP tools for VMS - VMS ; Hello Kerry > > > > Does anyone know where I can get hold of some useful LDAP utilities for > > VMS? > > > > For example ldapsearch, ldapadd, ldapmodify, ldapdelete > > > > > Malcolm - ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: RE: LDAP tools for VMS

  1. RE: LDAP tools for VMS

    Hello Kerry

    > >
    > > Does anyone know where I can get hold of some useful LDAP utilities

    for
    > > VMS?
    > >
    > > For example ldapsearch, ldapadd, ldapmodify, ldapdelete
    > >


    >
    >
    > Malcolm -
    >
    > Just curious, but perhaps you could expand on what you will be looking

    to
    > accomplish
    > with the tools?


    We have an OpenLDAP Directory Server but a significant part of our user
    account management for staff and students is processed on VMS and
    distributed to other platforms - including the OpenLDAP server. It would
    be very handy if we could use the above tools to access the directory
    server directly from VMS, especially for things like testing.

    We have already written some modules using the C language application
    programming interface (API) for LDAP, but if the above tools are already
    available from VMS DCL why bother trying to write these ourselves.

    >
    > Reason for asking is that if the intent is to establish a unified user
    > accounts
    > environment with other platforms, then you might be interested in the
    > following
    > LDAP V3 compliant product from Process Software:
    >
    > http://www.process.com/VMSauth/index.html (uses Multinet or TCPware or

    HP
    > TCPIP services)


    That's interesting. Once upon a time we used Innosoft IDDS LDAP
    directory server on Sun Solaris, and a good one it was too until they
    sold it to Sun and it became unsupported. We would still be using it
    were it not for the fact we had no success increasing the licence count.
    I understand a VMS version was also made available but we did not get
    that.

    I'll have a look at VMSauth and HP LDSU.

    Thanks, Malcolm Smeaton

    >
    > Extract from data sheetsupports Active Directory, OpenLDAP etc)
    >
    > "Many organizations are employing LDAP as a centralized repository for
    > storing
    > user information because it simplifies administration: additions and
    > changes to
    > permissions are made only once in a directory and are immediately
    > available to
    > all authorized users, directory-enabled applications, systems, and

    other
    > devices.
    > By keeping the authentication centralized in a directory, a security
    > administrator
    > will always know who is accessing network resources and can define

    user/
    > group-based policies to control access. The VMS Authentication Module
    > makes
    > use of an LDAP directory through a login request for access. The

    username,
    > password, and all data can be encrypted via TLS between the OpenVMS

    system
    > and any LDAP compliant directory server to protect a user's identity

    from
    > being
    > compromised. To ease administration, the VMS User Authorization File

    may
    > be synced with the LDAP server password. An administrator can also

    specify
    > a
    > login request should perform multiple searches on multiple servers."
    >
    > http://www.process.com/VMSauth/OpenV...h%20Module.pdf (data

    sheet)
    >
    >
    > If directory synching is what you are looking for, then HP LDSU might

    also
    > be
    > an option:
    >
    > http://h20219.www2.hp.com/services/c...0-225-121.html
    >
    > Regards
    >
    >
    > Kerry Main
    > Senior Consultant
    > HP Services Canada
    > Voice: 613-592-4660
    > Fax: 613-591-4477
    > kerryDOTmainAThpDOTcom
    > (remove the DOT's and AT)
    >
    > OpenVMS - the secure, multi-site OS that just works.
    >
    >



  2. Re: LDAP tools for VMS

    Hi Malcolm,

    > Does anyone know where I can get hold of some useful LDAP utilities
    > for VMS?
    >
    > For example ldapsearch, ldapadd, ldapmodify, ldapdelete

    ....
    > We have an OpenLDAP Directory Server but a significant part of our user
    > account management for staff and students is processed on VMS and
    > distributed to other platforms - including the OpenLDAP server. It would
    > be very handy if we could use the above tools to access the directory
    > server directly from VMS, especially for things like testing.
    >
    > We have already written some modules using the C language application
    > programming interface (API) for LDAP, but if the above tools are already
    > available from VMS DCL why bother trying to write these ourselves.


    There's an example program, SYS$EXAMPLES:LDAP_EXAMPLE.C, which is ldapsearch
    by another name.

    > That's interesting. Once upon a time we used Innosoft IDDS LDAP
    > directory server on Sun Solaris, and a good one it was too until they
    > sold it to Sun and it became unsupported. We would still be using it
    > were it not for the fact we had no success increasing the licence count.
    > I understand a VMS version was also made available but we did not get
    > that.


    I have IDDS here but we're not currently using LDAP (although that may
    change soon). I've tried Enterprise Directory and it seems to work OK, but
    it's very different to manage.

    Have you tried building the OpenLDAP utilities on VMS? I tried building the
    server several years ago but it was all too difficult.

    Regards,

    Jeremy Begg
    (replace nospam by jeremy to reply)


  3. Re: LDAP tools for VMS

    Jeremy Begg wrote:
    >
    > Have you tried building the OpenLDAP utilities on VMS? I tried building
    > the server several years ago but it was all too difficult.


    The server requires a backend database, and I do not know if any of the
    supported ones have been ported to OpenVMS.

    I left build instructions for the Open LDAP client libraries, utilities
    and test programs to the team at HP working on those products. It was
    not a complete port as more work was needed to convert a fork() call to
    vfork() on one of the programs. I do not remember if it was a utility
    or a test program.

    The Open LDAP library may end up being required for a fully functional
    SAMBA with support for Active Directory, so you may want to direct your
    queries to the team working on the Samba port.

    The Open LDAP project is the successor to the project that the VMS
    supplied LDAP library came from, and the configure script actually
    checks for some features that essentially are VMS specific.

    -John
    wb8tyw@qsl.network
    Personal Opinion Only

  4. Re: LDAP tools for VMS

    Malcolm Smeaton wrote:
    > We have an OpenLDAP Directory Server but a significant part of our user
    > account management for staff and students is processed on VMS and
    > distributed to other platforms - including the OpenLDAP server. It would
    > be very handy if we could use the above tools to access the directory
    > server directly from VMS, especially for things like testing.
    >
    > We have already written some modules using the C language application
    > programming interface (API) for LDAP, but if the above tools are already
    > available from VMS DCL why bother trying to write these ourselves.


    Probably too late, but:

    http://www.mozilla.org/directory/javasdk.html has ldapsearch, ldapmodify
    and ldapdelete in Java !

    Arne

  5. Re: LDAP tools for VMS

    In article <474a41cb$0$90270$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes:
    >Malcolm Smeaton wrote:
    >> We have an OpenLDAP Directory Server but a significant part of our user
    >> account management for staff and students is processed on VMS and
    >> distributed to other platforms - including the OpenLDAP server. It would
    >> be very handy if we could use the above tools to access the directory
    >> server directly from VMS, especially for things like testing.
    >>
    >> We have already written some modules using the C language application
    >> programming interface (API) for LDAP, but if the above tools are already
    >> available from VMS DCL why bother trying to write these ourselves.

    >


    I've no idea why they haven't provided all the LDAP tools however it looks like
    you can build your own ldapsearch.

    At least on Alpha VMS 8.3 if you look in sys$examples you'll find

    LDAP_EXAMPLE.C

    which looks like it is an ldapsearch.

    "
    * To build this program use:
    * $ cc ldap_example
    * $ link ldap_example
    *
    * The program expects to run as a foreign command. To define the foreign
    * command use the following syntax:
    *
    * $ ldap_example := $disk1:[mydir]ldap_example.exe ! define foreign command
    *
    * The program expects the following arguments:
    *
    * server The node which is providing LDAP access to a directory
    *
    * base The base object in the directory for the search operation
    *
    * filter The search filter to be used
    *
    * attributes An optional list of one or more attributes to be returned
    * for each matching record. If no attributes are specified,
    * then all user attributes will be returned.
    *
    * An example of a search command would be:
    *
    * $ ldap_example server "o=acme, c=us" "(sn=s*)" cn sn
    *
    * Given the parameters above, the program will attempt to make contact
    * with an LDAP server on node "server", and request a search for all
    * records below the object "o=acme, c=us" that match the filter "sn=s*".
    * For each matching record, the attributes "cn" and "sn" will be displayed.
    */
    "





    David Webb
    Security team leader
    CCSS
    Middlesex University



    >Probably too late, but:
    >
    >http://www.mozilla.org/directory/javasdk.html has ldapsearch, ldapmodify
    >and ldapdelete in Java !
    >
    >Arne


+ Reply to Thread