Re: OpenLDAP as Active Directory replacement - is it possible?



With enough engineering resources, it is possible to
construct some sort of AD replacement based upon OpenLDAP
Software, various other packages, and a lot of new code.
PADL has demonstrated so by producing its XAD product
<http://www.padl.com/Products/XAD.html> (based, in part,
on OpenLDAP Software).

At 03:57 AM 9/21/2004, Tomasz Chmielewski wrote:
>I've been trying to figure out if it's possible to replace Active Directory with OpenLDAP (+ Samba, Kerberos, DNS etc.) on Linux - but from what I've found I'm not sure.

Note that AD is more appropriately considered an MS Windows
operating system-specific authentication, authorization, and
information service which, amongst other things, provides
access to certain kinds of data via LDAP.  To think of AD as
a general purpose directory (even though it purports to be that
as well) will lead to the conclusion that one can replace the
functionality offered by AD by a general-purpose LDAP server
such as OpenLDAP's slapd(8).

Now, if the only function of AD that you wanted to replace
was its general-purpose LDAPv3-compatible directory capabilities,
that would be another matter.

But it should be a given that slapd(8) simply does not provide
the Microsoft operating system functionality.  I note as well
that providing such functionality is generally viewed as
something best left to projects, such as Samba, whose
purpose is to produce software which emulates Microsoft
products.  The OpenLDAP Project prefers to focus on
implementing open-standard directory specifications.

It's my understanding that the Samba folks are working on
such a replacement.  Hence, you might seek out an appropriate
Samba mailing list to see what they might have to offer in
this area.

Kurt