RE: Active directory and openldap



On Thu, 22 May 2003, Howard Chu wrote:

> > I was under the impression that one could establish a trust
> > relationship between an Active Directory domain and a
> > non-Microsoft Kerberos realm in order to establish
> > connectivity like this....?
>
> Yes, you can, but that doesn't gain you very much. All it lets you do is use
> a foreign realm to verify a user's credentials (i.e., authentication), but it
> doesn't allow you to retrieve the user's privileges (i.e., authorization)
> from a foreign source. For that you need something else, like Samba.

Ok, so in this scenario, the LDAP server in the trusted foreign realm
is used to connect to AD, and push (via secured replication) trusted authentication
data into AD - rather than AD making some sort of trusted referral back
to OpenLDAP to verify the credentials?

Thanks....just trying to clear up which way things are going here....

Corey