OpenLDAP and Active Directory
We have two LDAP servers on our network. One is an OpenLDAP server, and
the other is an Active Directory server. I have been investigating how
to authenticate against Active Directory through the OpenLDAP server,
and after several days of reading fragmented pieces of information, I am

I have read about a couple of different options such as OpenLDAP's
back-end or meta server, setting up a proxy, but I am still unsure which
option to use. Regrettably, there is little cohesive information for
establishing such a relationship, so I would love some advice. First
let me describe this relationship between the two servers.

The OpenLDAP server will hold various bits of information about the
users of our network, service configurations, etc. Basically, it
contains the user name and small groupings of unrelated information. I
want this server to be the only "point of contact" for our users and
software. In other words, nobody needs to know about the Active
Directory, except for the OpenLDAP server of course.

The Active Directory has user names and passwords. I am looking for a
way to authenticate our users against the Active Directory. There are a
few ground rules for this relationship:

1) I don't want services or users to contact the ADS server directly.
2) I don't want to synchronize passwords between the two servers.
3) I cannot replace the ADS with OpenLDAP.

Is there a preferred way to handle this situation? Can this be achieved

Many thanks for your time,