
Re: OpenLDAP synchronization with Windows/Active Directory



On Feb 11, 2008 2:28 PM, Razi Garbie <boneybastard@gmail.com> wrote:
> Hi everyone,
>
> I've spent countless hours trying to figure out how to sync OpenLDAP with
> my currently running Windows/Active Directory; however, I can't find any
> information on how this is done.
>
> I'm currently running Windows/AD which authenticates ~20 users, all Windows
> boxes (obviously); however, all Windows users have accounts on the Linux
> machines I run, and that makes administrative tasks a bit messy, since I have
> to make account changes on two different domains.
>
> The ideal setup is to set up an OpenLDAP server that is synced with
> Windows Active Directory, so that my users can authenticate against the
> Linux domain using their Windows passwords.
Yes, it can be done. In my setup a user can log in to a Linux machine
even though this user does not exist on Linux; it only exists on Windows
Active Directory.

I am getting these results.
Suppose I have a user, say "bharat":
user bharat exists on Windows Active Directory, and on the Linux machine it
does not exist.

Now with a few configuration changes user bharat can log in to the Linux box
though it does not exist on Linux.
Linux is getting authentication from Windows Active Directory.

a.) I don't have to create a user account on the Linux machine.
b.) My users on Active Directory can log in to the Linux machine with the same
passwords assigned on Windows AD.
c.) Users can change their password from the Linux shell (still testing the
exact thing which I am getting), but it is confirmed that after
changing the password from the Linux shell I have the new password working; will
let you know more.

I tried this:

1.) On Windows, first installed AD, then SFU (Services for Unix), which
gives a Unix attribute setting to the Active Directory user properties.
2.) Added a user on Active Directory.
3.) Changed /etc/ldap.conf so that it can bind the Linux machine with AD.
4.) Changed /etc/nsswitch.conf to have LDAP authentication.
5.) Changed the PAM configuration.
6.) authconfig settings to have LDAP.

I am still working on this thing; I am documenting the exact procedure which I
followed, e.g. file changes.

In the meantime you can visit the following page. It is among many
other pages which I followed.
http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/

I used RHEL5 and Windows AD; working on RHEL4 to reproduce the results.

What OS are you using?

Anuj Singh.




>
> etc,
> (Linux machines / LDAP clients) -> OpenLDAP <-- SYNC --> Win/AD <- (Windows
> machines)
>
> That's how I imagine the setup will look.
>
> Has anyone ever done this?
> Any help is greatly appreciated!
>
> // Thanks, boney
>
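The reply above names the files it changed on RHEL to hand Linux logins to AD (/etc/ldap.conf, /etc/nsswitch.conf, PAM) but not what to check in them before trusting the box to a domain controller. The POSIX shell script below is an added example, not code from the thread or from the linked page: it audits a PADL-style /etc/ldap.conf (the `uri`, `ssl`, `tls_checkpeer` and `bindpw` keys used by nss_ldap/pam_ldap) for a protected channel, for certificate checking, and for a bind password sitting in a world-readable file, and it checks that /etc/nsswitch.conf consults `files` before `ldap` so root and other local accounts keep working when AD is unreachable. The sample files it writes are constructed for the demonstration; the host dc1.example.local, the bind DN and the CA path are placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit /etc/ldap.conf (PADL nss_ldap /
# pam_ldap format) and /etc/nsswitch.conf before pointing PAM at AD.
# Assumed keys: uri, ssl, tls_checkpeer, bindpw (PADL ldap.conf).

# Return 0 when the directory channel is protected, 1 otherwise, printing one
# finding per line. Plain ldap:// without "ssl start_tls" sends the bind
# password and every user's login password across the wire in the clear.
audit_ldap_conf() {
    f=$1
    rc=0
    uri=$(awk '$1 == "uri" { print $2; exit }' "$f")
    ssl=$(awk '$1 == "ssl" { print $2; exit }' "$f")
    case "$uri" in
        ldaps://*) ;;   # TLS from the first byte
        *) if [ "$ssl" != "start_tls" ]; then
               echo "$f: cleartext LDAP (uri '$uri') and no 'ssl start_tls'"
               rc=1
           fi ;;
    esac
    # TLS without certificate checking still accepts an impostor DC.
    if [ "$ssl" = "start_tls" ] || [ "${uri#ldaps://}" != "$uri" ]; then
        peer=$(awk '$1 == "tls_checkpeer" { print $2; exit }' "$f")
        if [ "$peer" != "yes" ]; then
            echo "$f: tls_checkpeer is not 'yes'"
            rc=1
        fi
    fi
    # A bind password in a world-readable file is readable by every local user
    # (column 8 of "ls -l" is the other-read bit).
    if grep -q '^bindpw' "$f" && [ "$(ls -l "$f" | cut -c8)" != "-" ]; then
        echo "$f: contains bindpw but is world-readable"
        rc=1
    fi
    return "$rc"
}

# Return 0 when passwd, shadow and group each consult "files" before "ldap",
# so root and other local accounts keep working when the DC is unreachable.
audit_nsswitch() {
    f=$1
    rc=0
    for db in passwd shadow group; do
        sources=$(awk -v key="$db:" '$1 == key { $1 = ""; print; exit }' "$f")
        case "$sources" in
            *files*ldap*) ;;
            *ldap*) echo "$f: $db consults ldap before files"; rc=1 ;;
            *)      echo "$f: $db does not consult ldap at all"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample files (placeholders, not configs from the thread); prints
# the directory they were written to.
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/ldap.conf.weak" <<'EOF'
uri ldap://dc1.example.local
base dc=example,dc=local
binddn cn=ldapreader,cn=Users,dc=example,dc=local
bindpw PLACEHOLDER_BIND_PASSWORD
nss_base_passwd cn=Users,dc=example,dc=local?sub
EOF
    cat > "$dir/ldap.conf.hardened" <<'EOF'
uri ldap://dc1.example.local
base dc=example,dc=local
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/ad-root-ca.pem
binddn cn=ldapreader,cn=Users,dc=example,dc=local
bindpw PLACEHOLDER_BIND_PASSWORD
nss_base_passwd cn=Users,dc=example,dc=local?sub
EOF
    chmod 644 "$dir/ldap.conf.weak"
    chmod 600 "$dir/ldap.conf.hardened"
    printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$dir/nsswitch.good"
    printf 'passwd: ldap files\nshadow: files\ngroup: files ldap\n' > "$dir/nsswitch.bad"
    echo "$dir"
}

# Usage: sh audit-ad-ldap.sh /etc/ldap.conf /etc/nsswitch.conf
# With no arguments it runs against the constructed samples.
if [ $# -eq 2 ]; then
    rc=0
    audit_ldap_conf "$1" || rc=1
    audit_nsswitch "$2" || rc=1
    exit "$rc"
else
    d=$(write_samples)
    for path in "$d"/ldap.conf.* "$d"/nsswitch.*; do
        echo "== $path"
        case "$path" in
            */ldap.conf.*) audit_ldap_conf "$path" && echo "ok" ;;
            *)             audit_nsswitch "$path" && echo "ok" ;;
        esac
    done
    rm -rf "$d"
fi
```

Run it with the two real paths to get a non-zero exit status on any finding; the hardened sample keeps `bindpw` only because the file is mode 600, which is the minimum if the bind account's password has to live on the client at all.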