
Re: choose AD or LDAP



Quoting "cody wang" <codywang@clunet.edu>:

> As I am also deploying OpenLDAP, I have some dilemma situation because
> we use Microsoft Active Directory. I have read about LDAP System
> Administration by O'Reilly Carter that Microsoft Active Directory
> doesn't support PAM module

This is rubbish. It's perfectly possible, I have done so myself on two
occasions (for a customer that couldn't/wouldn't change to OpenLDAP).

You need the SFU (Microsoft Services For Unix - free 30 day demo on
the M$ site). Other than that, it's reasonably easy to configure LibNSS-LDAP
and LibPAM-LDAP to use AD (you have to take advantage of the attribute
setup - nss_map_{objectclass,attribute}).

> so we only have to either choose AD or
> LDAP for our one login/password. Since they cannot exist at the same
> time, what are people's choices? Any ideas would be appreciated.

You're asking on an OpenLDAP list what people choose to run!? :)


In reality, if you CAN change then change. OpenLDAP is WAY faster on
exactly the same hardware than AD. But sometimes you just CAN'T change,
so solve the issues/problems with what you have...
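
The nss_map_{objectclass,attribute} setup mentioned in the message above, as an added example that is not part of the original post: a sketch of /etc/ldap.conf for PADL nss_ldap and pam_ldap pointed at AD with SFU installed. The host name, base DN, bind account and CA file path are placeholders, and the msSFU30* attribute names assume the SFU 3.x schema extension.

```conf
# /etc/ldap.conf, read by both nss_ldap and pam_ldap (added example)
# Placeholders: dc1.example.com, dc=example,dc=com, svc-unixlookup

# Talk to the domain controller over TLS and verify its certificate,
# so bind credentials and login passwords never cross the wire in clear.
uri ldaps://dc1.example.com/
ldap_version 3
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ad-ca.pem

# AD does not allow useful anonymous searches; bind as a dedicated
# account with read-only rights, and keep this file root-readable only.
base dc=example,dc=com
binddn cn=svc-unixlookup,cn=Users,dc=example,dc=com
bindpw CHANGE_ME
scope sub

# pam_ldap: authenticate against the AD logon name
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad

# nss_ldap: where to look for accounts and groups
nss_base_passwd cn=Users,dc=example,dc=com?sub
nss_base_shadow cn=Users,dc=example,dc=com?sub
nss_base_group cn=Users,dc=example,dc=com?sub

# Map the RFC 2307 names nss_ldap expects onto AD/SFU 3.x names
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute uniqueMember member
```

After editing, `getent passwd` should list only the AD users that have the SFU UNIX attributes populated; accounts without them are not resolved.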