[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap-nis] Win2K and Linux passwd/group info

To: "Smits.Dolf" <Dolf.Smits@siemens.nl>
Subject: Re: [ldap-nis] Win2K and Linux passwd/group info
From: Pierangelo Masarati <pmasarati@bci.it>
Date: Fri, 27 Apr 2001 10:15:30 +0200
Cc: "'yiping@opendesign.com'" <yiping@opendesign.com>, bob_joslin@hp.com, ARechenberg@shermanfinancialgroup.com, nssldap@padl.com, ldap-nis@padl.com, ldap@umich.edu, openldap-software@OpenLDAP.org
Organization: SysNet
References: <2FAEA868F23AD411AFD10000D11ED33E0245AED7@hagb037a.siemens.nl>

"Smits.Dolf" wrote:

> Hello All,
>
> My idea would be to do it the other way round, let Microsoft AD be the slave
> of an LDAP server which can be freely configured (And might probably more
> stable).

Well, you may think of using OpenLDAP 2.0 with some client
doing some kind of replication towards AD, correct? You can
do it if you accept all the limitations to the ldap schema introduced
by MS (single-valued cn, need to maintain distinguishedName attr
for every entry, redefinition of top objectClass, and so).

>
> I don't know whether this is possible (I don't know whether Micrsoft really
> uses LDAP for authentication) But this would seem a more flexible solution
> to me.

If auth is all you need, then I experienced myself that samba-tng
(with a little help :) can act as PDC entirely based on an external
ldap repository (OpenLDAP 2.0, in my case). So you don't need
AD any more. But I'm still in the first approach phase, so I might
be the least qualified person to talk about auth'ing W2K users ...

Pierangelo.

PS: this thread started with a mispelled
openldap-software address in the recipients list :-)

--
Dr. Pierangelo Masarati    mailto:ando@sys-net.it
Developer, SysNet s.n.c.   http://www.sys-net.it

Prev by Date: Re: OpenLDAP 2.0.7 partial replication?
Next by Date: OpenSSL
Index(es):
- Chronological
- Thread