
RE : Active directory and openldap

So if I understand, the authentication is redirected to the openldap server.
But is there a way to replicate each user and their password to an AD
server? So that each time a new user is created or deleted that would be
replicated on the Microsoft AD server.
I don't need this to be bidirectional, I would not let the users change their
password for Windows, only on the ldap server



-----Original Message-----
From: Corey Scholefield [mailto:coreys@uvic.ca]
Sent: 23 May 2003 17:02
To: Howard Chu
Cc: OpenLDAP-software@OpenLDAP.org
Subject: RE: Active directory and openldap
Importance: High

On Thu, 22 May 2003, Howard Chu wrote:

> > I was under the impression that one could establish a trust 
> > relationship between an Active Directory domain and a non-Microsoft 
> > Kerberos realm in order to establish connectivity like this....?
> Yes, you can, but that doesn't gain you very much. All it lets you do 
> is use a foreign realm to verify a user's credentials (i.e., 
> authentication), but it doesn't allow you to retrieve the user's 
> privileges (i.e., authorization) from a foreign source. For that you 
> need something else, like Samba.

Ok, so in this scenario, the LDAP server in the trusted foreign realm is
used to connect to AD, and push (via secured replication) trusted
authentication data into AD - rather than AD making some sort of trusted
referral back to OpenLDAP to verify the credentials ?

Thanks....just trying to clear up which way things are going here....