[Date Prev][Date Next]
CONTINUE: Interoperability with MS Software
Thanks everyone for answering.
Please excuse me if my question was unclear.
What i mean by integrate is that the MS Software communicates directly
openldap-openssl-SASL(kerberos) solution as mark points out below.
So from what i read below i would like to use the ADS Schema and use
record. I was searching for that schema but didnt find it.
Is there a ADS Schema ?
thanks in advance,
>>> "Mark H. Wood" <mwood@IUPUI.Edu> 10.09.2003 16:27:48 >>>
-----BEGIN PGP SIGNED MESSAGE-----
From: Jeremy Ardley <email@example.com>
> Yes it does integrate. We use VJ++ with Microsoft ADSI and LDAP
> think you will have some headaches
The difference is, of course, what you mean by "integrate". Windows
and up have LDAP libraries and a variety of APIs to take advantage of
them. But OpenLDAP right out of the box is not what Windows expects of
ADS Domain Controller, if *that* is what you mean.
For the latter you'll need to load a compatible version of the ADS
extensions, implement Kerberos V, add certain SRV records to your DNS
zones, and populate your Kerberos and directory services with a few
objects which ADS hosts expect. Those Kerberos principals must also
certain attributes in addition to those supplied by the native
tools, to glue them to the NT security model. It sounds like great fun
I wish I had the time to do one.
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
-----END PGP SIGNATURE-----