
CONTINUE: Interoperability with MS Software



Hi,

Thanks everyone for answering.
Please excuse me if my question was unclear. 

What I mean by integrate is that the MS Software communicates directly
with the openldap-openssl-SASL(kerberos) solution, as Mark points out
below. So from what I read below, I would like to use the ADS Schema and
use the SRV record. I was searching for that schema but didn't find it.

Is there an ADS Schema?

thanks in advance,
samier.


>>> "Mark H. Wood" <mwood@IUPUI.Edu> 10.09.2003 16:27:48 >>>

From: Jeremy Ardley <jeremy@electrosilk.net>

> Yes it does integrate.  We use VJ++ with Microsoft ADSI and LDAP enabled

...

> think you will have some headaches

The difference is, of course, what you mean by "integrate".  Windows 2000
and up have LDAP libraries and a variety of APIs to take advantage of
them.  But OpenLDAP right out of the box is not what Windows expects of an
ADS Domain Controller, if *that* is what you mean.

For the latter you'll need to load a compatible version of the ADS schema
extensions, implement Kerberos V, add certain SRV records to your DNS
zones, and populate your Kerberos and directory services with a few
objects which ADS hosts expect.  Those Kerberos principals must also have
certain attributes in addition to those supplied by the native Kerberos
tools, to glue them to the NT security model.  It sounds like great fun --
I wish I had the time to do one.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu 
MS Windows *is* user-friendly, but only for certain values of "user".