Re: Problems access MS Active Directory from OpenLDAP 2.1.2


At this time, I am not attempting to use an MIT realm. Would it be advised to implement the MIT realm, and pursue this option? Or is there a way to directly authenticate against the W2K? Or, are both possible/workable?

If both are workable, what are the relative advantages/disadvantages of each? I originally thought this was a straightforward project. Suddenly, it's starting to edge towards new territory (multiple realms and trust relationships). I would greatly appreciate any advice!


At 04:41 AM 7/10/2002 -0700, al.lilianstrom@fnal.gov wrote:
Set up a trust between the MIT realm and the w2k domain. Then when you
kinit on the MIT side you will be able to search the w2k side as you
will bind as anonymous.

If you need write access create an account on the w2k side with the
necessary access and then add a Kerberos mapping from your MIT principal
to the windows user. You will then be able to use ldapsearch to find
whatever you want and ldapmodify to change what you have access to.



Al Lilianstrom

