Re: OpenLDAP synchronization with windows/Active Directory
Razi Garbie wrote:
> 2008/2/13, Michael Ströder <email@example.com>:
>> Use pam_ldap or pam_krb5 against AD. NIS information you can retrieve
>> from OpenLDAP with nss_ldap. No syncing needed for that, just different
>> ldap.conf files for pam_ldap and nss_ldap.
>
> I see, so a slapd is not needed?

In this scenario authentication would be done directly with AD. But you
also might want to retrieve the NIS information (what's in /etc/passwd)
via LDAP. It depends whether you also want that information to be stored
in AD or not.

> If that's the case, do you perhaps know if I'll be able to authenticate
> services that use LDAP:// and not PAM?

You can have a mixture of applications directly checking a password via
LDAP and some using PAM or some directly using Kerberos or...
But take into account operational and security considerations.

> Could someone please give me links so that I can read up on how to
> set up OpenLDAP to authenticate against Windows/AD.

Use SASL GSSAPI for using Kerberos with AD to authenticate clients which
bind to slapd.
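
The split described in this thread (pam_ldap checking passwords against AD, nss_ldap reading the NIS data from OpenLDAP, each with its own ldap.conf) could look like the following. This is an added example, not part of the original message. The file paths, host names, DNs and CA files are constructed placeholders, and it assumes each user's sAMAccountName in AD equals the uid stored in OpenLDAP.

```conf
# --- /etc/pam_ldap.conf (assumed path): password checks go to AD ---
uri ldap://dc1.ad.example.com/
base dc=ad,dc=example,dc=com
ldap_version 3
# AD normally refuses anonymous searches, so look users up with a
# low-privilege account (placeholder DN and password)
binddn cn=pam-lookup,cn=Users,dc=ad,dc=example,dc=com
bindpw CHANGE_ME
pam_login_attribute sAMAccountName
pam_filter objectClass=user
pam_password ad
# A simple bind carries the user's password: require TLS and verify the
# domain controller's certificate
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ad-ca.pem

# --- /etc/libnss-ldap.conf (assumed path): NIS data comes from OpenLDAP ---
uri ldap://ldap.example.com/
base dc=example,dc=com
ldap_version 3
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_group ou=Group,dc=example,dc=com?one
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/openldap-ca.pem
```

Because the pam_ldap file holds a bind password, keep it readable by root only and give the lookup account no rights beyond searching for users.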