Re: OpenLDAP+Active Directory

On Tue, Jan 22, 2008 at 01:14:47AM -0800, Howard Chu wrote:
> Aiko Barz wrote:
>> Hello,
>> is it possible to create an Active Directory forest with multiple
>> subdomains and make that information available for one Linux
>> machine?
>> Right now, we have one domain and it is possible to do authentication
>> against the Active Directory, while using OpenLDAP, PAM and Kerberos.
> There's nothing in OpenLDAP that would prevent this. This is a question 
> more suited to either the pam_ldap or nss_ldap mailing lists. The only 
> problem is you might have cn=userA representing two different users in 
> both domains at once, and you'll have to have some kind of policy for 
> dealing with those situations.


I was testing a subdomain configuration and I wondered: What happened
to the -C switch? And will there be support for following referrals
with credentials?

> $ ldapsearch -h 2>&1| grep "\-C" | wc -l
> 0

> $ ldapsearch -VV
> ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.7 (Jan 22 2008 00:11:57) $
>     buildd@ninsei:/build/buildd/openldap2.3-2.4.7/debian/build/clients/tools
>     (LDAP library: OpenLDAP 20407)

So long,
:wq

