
Re: AD + Openldap integration
Andrew Bartlett wrote:
> On Tue, 2008-05-06 at 16:41 -0400, Rich West wrote:
>
>> I am not entirely sure where to ask this particular question, and I
>> apologize in advance if this is not the correct forum...
>>
>> We have an AD infrastructure and we'd like to get all of our unix boxes
>> to authenticate against the AD servers. 
>
> You really should be looking at Samba and winbind.  There we handle all
> the messy details of dealing with AD. 
>
> If you want (say, for reasons of reducing dependence on AD) to use your
> own replicated directory, then this is quite possible (and OpenLDAP
> would be a fine DS for that purpose), but this gets painful with
> passwords etc. 
Interesting... I was not aware that there was a PAM hook for
user/password auth.

If I were to do an OpenLDAP replica, it would be read-only, which should
make things a little easier (I hope).  Again, if I went down that route,
I am not sure exactly how to proceed (write a Perl script to perform the
right ldapsearch to pull all of the users' entries to build the LDIF file
which then gets slurped into OpenLDAP? write a Perl script to use the
LDAP lib to grab each entry and insert it into OpenLDAP?)

-Rich
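One way to do the pull-and-convert step Rich asks about, as an added example that is not part of the original thread: a Python script (Python rather than Perl) that parses the LDIF an ldapsearch against AD would return and emits posixAccount entries for a read-only OpenLDAP replica. The sample LDIF, the base DN, and the assumption that AD carries the RFC2307 attributes (uidNumber, gidNumber, unixHomeDirectory) are all constructed; note that no password attribute ever crosses over, which is exactly the part Andrew warns is painful.

```python
import base64, re

# Constructed sample of what an ldapsearch against AD might return (hypothetical
# values, not from the thread); the first user carries the RFC2307 attributes.
SAMPLE_AD_LDIF = """\
dn: CN=Rich West,OU=Users,
 DC=example,DC=com
sAMAccountName: rwest
displayName:: UmljaCBXZXN0
uidNumber: 10042
gidNumber: 10000
unixHomeDirectory: /home/rwest

dn: CN=Service Acct,OU=Service,DC=example,DC=com
sAMAccountName: svc-backup
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]}; unfolds continuation lines and decodes base64 (::) values."""
    entries, cur = [], {}
    for line in re.sub(r"\n ", "", text).splitlines() + [""]:  # trailing "" flushes the last entry
        if not line:
            if cur:
                entries.append(cur)
            cur = {}
            continue
        key, _, val = line.partition(":")
        if val.startswith(":"):            # "attr:: <base64>"
            val = base64.b64decode(val[1:].strip()).decode("utf-8")
        cur.setdefault(key, []).append(val.strip())
    return entries

REQUIRED = ("sAMAccountName", "uidNumber", "gidNumber", "unixHomeDirectory")

def to_posix_ldif(entries, base="ou=People,dc=example,dc=com"):
    """posixAccount LDIF for a read-only OpenLDAP replica; skips entries lacking RFC2307 attrs, never emits a password (AD returns none)."""
    out = []
    for e in entries:
        if not all(a in e for a in REQUIRED):
            continue
        uid = e["sAMAccountName"][0]
        cn = e.get("displayName", [uid])[0]
        out.append("\n".join([
            f"dn: uid={uid},{base}", "objectClass: inetOrgPerson", "objectClass: posixAccount",
            f"uid: {uid}", f"cn: {cn}", f"sn: {cn.split()[-1]}",
            f"uidNumber: {e['uidNumber'][0]}", f"gidNumber: {e['gidNumber'][0]}",
            f"homeDirectory: {e['unixHomeDirectory'][0]}",
            f"loginShell: {e.get('loginShell', ['/bin/sh'])[0]}",
        ]))
    return "\n\n".join(out) + "\n"
```

The resulting LDIF is what slapadd or ldapadd would load into the replica; since it carries no credentials, PAM on the unix boxes still has to authenticate against AD itself (which is why winbind is the simpler route).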