[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AD + Openldap integration

Andrew Bartlett wrote:
> On Tue, 2008-05-06 at 16:41 -0400, Rich West wrote:
>> I am not entirely sure where to ask this particular question, and I
>> apologize in advance if this is not the correct forum...
>> We have an AD infrastructure and we'd like to get all of our unix boxes
>> to authenticate against the AD servers. 
> You really should be looking at Samba and winbind.  There we handle all
> the messy details of dealing with AD. 
> If you want (say, for reasons of reducing dependence on AD) to use your
> own replicated directory, then this is quite possible (and OpenLDAP
> would be a fine DS for that purpose), but this gets painful with
> passwords etc. 

Interesting.. I was not aware that there was a pam hook for
user/password auth.

If I were to do an OpenLDAP replica, it would be read-only, which should
make things a little easier (I hope).  Again, if I went down that route,
I am not sure exactly how to proceed (write a perl script to perform the
right ldapsearch to pull all of the users entries to build the ldif file
which then gets slurped in to openldap? write a perl script to use the
ldap lib to grab each entry and insert it in to openldap?)