Re: OpenLDAP interop with AD questions



On Thu, Nov 13, 2008 at 07:27:44PM -0600, Christopher Barry wrote:

> The goal is to have a single user/password db in AD, and have all of the
> old NIS map data in OpenLDAP. SSO would be a nice to have feature too.
> I've read more stuff than I can count, but I'm still more than a little
> confused.

You might want to consider pass-through authentication:

http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication

That would allow you to keep non-Windows data in OpenLDAP but
still use AD to check passwords.

Doing tricks like that does leave you open to more failure modes:
loss of connectivity to AD, failure of the SASL daemon etc.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
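
An added example, not part of the original message: with pass-through authentication as described in the linked Admin Guide section, a delegated entry carries `userPassword: {SASL}user@realm` instead of a local hash. The script below audits an LDIF export to confirm that AD really is the only password store; the DNs, realm and hash value are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the post): two delegated entries (one
# base64-encoded), one leftover local hash, one entry with no password.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {SASL}alice@EXAMPLE.COM

dn: uid=bob,ou=people,dc=example,dc=com
userPassword:: e1NBU0x9Ym9iQEVYQU1QTEUuQ09N

dn: uid=carol,ou=people,dc=example,dc=com
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-HASH

dn: uid=dave,ou=people,dc=example,dc=com
uid: dave
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles folded lines and 'attr::' base64."""
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]            # LDIF continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, _, rest = line.partition(":")
            if rest.startswith(":"):            # 'attr:: <base64 value>'
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Group DNs by whether every userPassword value delegates via {SASL}."""
    report = {"delegated": [], "local": [], "no_password": []}
    for dn, attrs in parse_ldif(text):
        values = attrs.get("userpassword", [])
        if not values:
            report["no_password"].append(dn)
        elif all(v.upper().startswith("{SASL}") for v in values):
            report["delegated"].append(dn)
        else:
            report["local"].append(dn)      # still verifiable without AD
    return report
```

Entries reported under `local` keep authenticating from OpenLDAP even when AD is unreachable, so they sit outside the AD password policy; entries under `delegated` are the ones exposed to the connectivity and SASL daemon failure modes mentioned in the reply.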