Re: OpenLDAP as Active Directory replacement - is it possible?

Turbo Fredriksson wrote:

    Tomasz> Hello, I've been trying to figure out if it's possible to
    Tomasz> replace Active Directory with OpenLDAP (+ Samba, Kerberos,
    Tomasz> DNS etc.) on Linux - but from what I've found I'm not sure.

It's very much possible. It DOES depend a little on what you want it for.
If you're going to use Exchange, then better go with AD. From what I've
heard it IS possible to configure OpenLDAP for this, but I never actually
heard any REAL success stories (only 'it should be possible provided you ...').

OK, and this is what I actually want from this AD replacement:

- it has to store users, groups and passwords
- it has to store "computer accounts"
- it has to store "policies" - for users, computers

So, for example:

Clients are purely Windows machines. Now with Active Directory the below can be achieved:

1) PC1 (client) is booted.

2) it connects to the server, reads its "computer account" and "policy":
- what settings should it have, what programs installed - and if a program is missing, it should be automatically installed/deinstalled (according to the policy)

3) login box appears - user logs in
- he/she is authenticated against the server, and his/her settings are applied

And basically that's what I want.


