[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active directory and openldap

To: François Bourget <Francois.Bourget@USherbrooke.ca>
Subject: Re: Active directory and openldap
From: Stephan Siano <stephan.siano@suse.de>
Date: Thu, 22 May 2003 09:43:41 +0200
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <BAF07083.14BA%Francois.Bourget@USherbrooke.ca>
References: <BAF07083.14BA%Francois.Bourget@USherbrooke.ca>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021204

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

François Bourget wrote:
| Hello,
|
| Just want to be able to use a Campus-wide Ldap server (openldap) with an
| AD locallay so that our users have the same password. They already have
| the same username all across Campus.
|
| Is it possible to use an Openldap server as a Master, and that server
| feeds an AD domain with usernames and password only in one direction.
| Dont need anything esle than username and password (for now)

Hi,

I haven't actually tried it, but shouldn't it be possible to
authenticate against the AD-Server (and get a Kerberos TGT) from it and
then use the LDAP-Server with the GSSAPI-SASL-mechanism? You "just" have
to create a principal for the LDAP-Service ind the AD
(ldap/your.ldap.server) and extract the keyfile from it (and store it
where the slapd can access it).

Yours
Stephan Siano
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+zH+tqA9BW6fcBwIRAte2AKDs9FoWGiP235J9XNitq8ycq1fPUwCg3u2t
IpJwDeUep0oIVCdSdT0P1CY=
=Wh6q
-----END PGP SIGNATURE-----

References:
- Active directory and openldap
  - From: François Bourget <Francois.Bourget@USherbrooke.ca>

Prev by Date: Re: escaping strings in DN
Next by Date: hello
Index(es):
- Chronological
- Thread