[Date Prev][Date Next]
Re: OpenLDAP+Active Directory
Aiko Barz wrote:
is it possible to create an Active Directory forest with multible
subdomains and make those informations available for one Linux
Right now, we have one domain and it is possible to do authentication
against the Active Directory, while using OpenLDAP, PAM and Kerberos.
But now, another department would like to have its own
directory/sub-domain. This means: uid=xyz will be located on
different directory servers within the Active Directory forest.
That means, there are UIDs with different BASEDNs.
CN=userA,OU=Users,DC=example,DC=local from AD1 and
CN=userB,OU=Users,DC=sub,DC=example,DC=local from AD2 shall both be
able to access a Linux box via SSH. No problem?
There's nothing in OpenLDAP that would prevent this. This is a question more
suited to either the pam_ldap or nss_ldap mailing lists. The only problem is
you might have cn=userA representing two different users in both domains at
once, and you'll have to have some kind of policy for dealing with those
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/