OpenLDAP and Active Directory

OpenLDAP Community,

We have two LDAP servers on our network. One is an OpenLDAP server, and the other is an Active Directory server. I have been investigating how to authenticate against Active Directory through the OpenLDAP server, and after several days of reading fragmented pieces of information, I am admittedly confused.

I have read about a couple of different options, such as OpenLDAP's back-end or meta server, or setting up a proxy, but I am still unsure which option to use. Regrettably, there is little cohesive information for establishing such a relationship, so I would love some advice. First, let me describe this relationship between the two servers.

The OpenLDAP server will hold various bits of information about the users of our network, service configurations, etc. Basically, it contains the user name and small groupings of unrelated information. I want this server to be the only "point of contact" for our users and software. In other words, nobody needs to know about the Active Directory, except for the OpenLDAP server of course.

The Active Directory has user names and passwords. I am looking for a way to authenticate our users against the Active Directory. There are a few ground rules for this relationship:

1) I don't want services or users to contact the ADS server directly.
2) I don't want to synchronize passwords between the two servers.
3) I cannot replace the ADS with OpenLDAP.

Is there a preferred way to handle this situation? Can this be achieved through OpenLDAP?

Many thanks for your time,