
OpenLDAP and Microsoft ADSI (Was: NT PORT and Windows 2000 Server)

In a Windows 2000 environment, the concept of a domain forest has been
introduced, and a domain forest can incorporate any number of domain
controllers and "ordinary" servers. Each and every domain controller
will be Active Directory enabled, with one domain controller being
designated as a master for the purposes of directory

This is different from the NT4 model, where the PDC handled all the
logins. NT5 logins are basically handled by the nearest upstream domain
controller, and the designated master handles the synchronisation of all
the DCs' directories in the forest.

To modify the schema to allow storage of all the data in an OpenLDAP
server, you need the schema snap-in (nice word for a DLL) for the
management console; naturally this was not shipped with my copy of NT5
Beta 3 (if anyone knows where it is, please mail me), or via code and the
ADSI. Certainly from my reading/fiddling at the moment I can see no
reason why the ADS cannot store anything currently stored in an
OpenLDAP server.

But can I run my OpenLDAP server concurrently on a domain controller and
allow our software to avoid the ADS?

Greg Duncan

>Is anyone aware of the tight binding of Microsoft's Active Directory
>Service (ADS) and the soon-to-be-released Windows 2000 Server?
>As I understand it, if your NT5 server is a PDC, then it must have
>Microsoft's ADS, as it is tightly bound to the operating system and the
>DNS services.

If you use Windows 2000 in combination with ADS, you will only have
Domain Controllers. The domain concept is different from NT 4 and there
is no PDC/BDC anymore (at least not in a complete Win2000 ADS

Although this might not be 100% correct - I would say that ADS is
than LDAP used as an authentication service. You can query a Windows 2000 DC
with standard LDAP tools such as >>ldapsearch<< and you can extend the
default ADS schema (in fact - that is what the next Exchange Server will

>Does this leave a place for OpenLDAP within the NT environment? I
>hope so and certainly have not investigated so deeply as to say either
>way and as I have to deploy software on various flavours of windows, I
>certainly prefer "Open Software".

Unfortunately I have no clue on how to configure my Windows 2000 DC to
store all information in an OpenLDAP server. I don't believe that is
(at least right now)

>I would be very interested in opinions from other members who may have
>used NT5 and have opinions on this issue.

>Active Directory Services Interface ....
>Has anybody given thought to leveraging the SDK for the Windows
>environment, I offer this quote from MSDN. Yes, I know a hundred
>why we shouldn't, but it is an interesting piece of information.

>Microsoft OLE DB Provider for Microsoft Service
>The Microsoft® Active Directory Service Interfaces (ADSI) Provider
>Version 1.0 allows ADO to access heterogeneous directory services
>through ADSI. This gives ADO applications read-only access to the
>Microsoft Windows NT® 4.0 directory services, as well as to any LDAP
>compliant directory service and Novell Directory Services. ADSI itself
>is based on a provider model, so if there is a new provider giving
>access to another directory, the ADO application will be able to access
> seamlessly. The ADSI provider is free-threaded and unicode-enabled.

The ADSI 2.5 final SDK was just released a few days ago. As far as LDAP is
concerned I think it is nothing more than easy access to the
comes with Outlook Express and other newer Microsoft components.

I use it to query my OpenLDAP server from some Visual Basic
There are some examples on that which come with the SDK. Before ADSI
you had to use direct DLL calls to get the same information, which were
more tricky and much more work.
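As an added example (not code from the list post or from the ADSI SDK samples the poster mentions), here is the kind of query the reply describes: an ADO search through the ADSI OLE DB provider ("ADsDSOObject") against any LDAP directory, whether an OpenLDAP server or a Windows 2000 DC. The host name, base DN and the anonymous bind are assumptions; substitute your own.

```vbscript
' Added example: search an LDAP directory from VBScript via ADO + ADSI.
' Run with:  cscript ldapquery.vbs
' Assumptions (not from the post): host, base DN, anonymous bind.
Option Explicit

Const LDAP_HOST = "ldap.example.com"    ' assumed: OpenLDAP host or Windows 2000 DC
Const BASE_DN   = "dc=example,dc=com"   ' assumed: suffix / domain naming context

Dim conn, cmd, rs

' The ADSI OLE DB provider lets plain ADO code talk to any ADSI provider,
' which for LDAP:// means any LDAP v3 server, not only Active Directory.
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
' For an authenticated search set conn.Properties("User ID") and
' conn.Properties("Password") before Open. Note that a simple bind over
' plain LDAP (port 389) sends that password in the clear; use SSL/TLS
' (LDAPS) if the server offers it. This example binds anonymously.
conn.Open "Active Directory Provider"

Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
' ADSI "LDAP dialect":  <base>;(filter);attribute list;scope
cmd.CommandText = "<LDAP://" & LDAP_HOST & "/" & BASE_DN & ">;" & _
                  "(objectClass=person);cn,mail;subtree"
' Paged results so a large tree does not trip the server-side size limit.
cmd.Properties("Page Size") = 500

Set rs = cmd.Execute
Do Until rs.EOF
    ' "&" treats a Null (absent) attribute as an empty string, so an
    ' entry without mail prints just its cn.
    WScript.Echo rs.Fields("cn").Value & vbTab & rs.Fields("mail").Value
    rs.MoveNext
Loop
rs.Close
conn.Close
```

The same script run against a Windows 2000 DC works unchanged; only the base DN differs, which is the point the reply makes about the provider model.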