[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: CONTINUE: Interoperability with MS Software

To: <openldap-software@OpenLDAP.org>
Subject: RE: CONTINUE: Interoperability with MS Software
From: Francois Beretti <francois.beretti@enatel.com>
Date: Thu, 11 Sep 2003 17:56:54 +0200
Importance: Normal
In-reply-to: <sf605a62.067@mail.unilog.de>

you got the AD schema through an Active Directory subSchema entry...
or probably on msdn.microsoft.com

good luck for the access control management :)

Francois

> -----Message d'origine-----
> De : owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]De la part de Samier Kesou
> Envoye : jeudi 11 septembre 2003 11:20
> A : mwood@IUPUI.Edu; openldap-software@OpenLDAP.org
> Objet : CONTINUE: Interoperability with MS Software
>
>
> Hi,
>
> Thanks everyone for answering.
> Please excuse me if my question was unclear.
>
> What i mean by integrate is that the MS Software communicates directly
> with the
> openldap-openssl-SASL(kerberos) solution as mark points out below.
> So from what i read below i would like to use the ADS Schema and use
> the SRV
> record.  I was searching for that schema but didnt find it.
>
>  Is there a ADS Schema ?
>
> thanks in advance,
> samier.
>
>
> >>> "Mark H. Wood" <mwood@IUPUI.Edu> 10.09.2003 16:27:48 >>>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> From: Jeremy Ardley <jeremy@electrosilk.net>
>
> > Yes it does integrate.  We use VJ++ with Microsoft ADSI and LDAP
> enabled
>
> ...
>
> > think you will have some headaches
>
> The difference is, of course, what you mean by "integrate".  Windows
> 2000
> and up have LDAP libraries and a variety of APIs to take advantage of
> them.  But OpenLDAP right out of the box is not what Windows expects of
> an
> ADS Domain Controller, if *that* is what you mean.
>
> For the latter you'll need to load a compatible version of the ADS
> schema
> extensions, implement Kerberos V, add certain SRV records to your DNS
> zones, and populate your Kerberos and directory services with a few
> objects which ADS hosts expect.  Those Kerberos principals must also
> have
> certain attributes in addition to those supplied by the native
> Kerberos
> tools, to glue them to the NT security model.  It sounds like great fun
> --
> I wish I had the time to do one.
>
> - --
> Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
> MS Windows *is* user-friendly, but only for certain values of "user".
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
>
> iD8DBQE/XzTos/NR4JuTKG8RAjuMAJwLyTY3Zd/57VsmygDqDAw1wyCN9wCfVcqh
> 9nVgefBIDEPnRtjOoRFaYxc=
> =iYDh
> -----END PGP SIGNATURE-----
>


____________
Virus checked by G DATA AntiVirusKit
Version: AVK 12.0.559 from 03.09.2003
Virus news: www.antiviruslab.com

References:
- CONTINUE: Interoperability with MS Software
  - From: "Samier Kesou" <samier.kesou@unilog.de>

Prev by Date: Can't log in from Solaris (9) Client(s)
Next by Date: Re: Can't log in from Solaris (9) Client(s)
Index(es):
- Chronological
- Thread