[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active directory and openldap

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: Active directory and openldap
From: Jerome Walter <walter+openldap@efrei.fr>
Date: Fri, 13 Jun 2003 08:40:25 +0200
Content-disposition: inline
In-reply-to: <37600.64.94.142.144.1053533603.squirrel@webmail.mykungfuisthebest.net>
User-agent: Mutt/1.4i
User-agent: Mutt/1.4i

On Wed, May 21, 2003 at 09:13:23AM -0700, Lon Tierney wrote:
> What you will soon find is that you have to replicate all userPassword
> values to AD in the clear - AD can not accept hashed or encrypted values.
> So, if you store the passwords in the clear in your OpenLDAP server, you
> should be fine.

Perhaps i don't get it, but having Trusted realm installed towards an Unix
KDC, i have something like this in my AD ldif output :

altSecurityIdentities: Kerberos:walter@USERS.ES.EFREI.FR

You should understand that USERS.ES.EFREI.FR is the Unix (hem GNU/Linux) KDC.

Having this, i am authenticating on the other KDC and get tickets from both
unix and AD realms without the need of the AD password for the user.

Don't we just need then to replicate _valid_ AD schema data into the LDAP
server of the AD DC to have the users working in the AD realm ?

I am also currently working on this and get stuck with the way to replicate
slapd data to AD server and/or the other way. Does someone did get this
working. It seems that University of Michigan has worked on this and setup a
modified slurpd to get this working. Any info about this ? Anyone from UMich
who could contribute ?

Best Regards,

Jerome Walter

-- 
-+--   Jérôme Walter - 	I2 EFREI		          ----+-
 Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus Tutors
 "The World is my country" - "Nihon no tomodachi desu"
EFREI System and Networking guide http://perso.efrei.fr/~walter/

Prev by Date: Re: Creating indexes for first time
Next by Date: ACL
Index(es):
- Chronological
- Thread