
RE: OpenLDAP centralized authentication with Active Directory



Hi, Andrew

Thanks for your suggestion. I will try using OpenLDAP with back-meta.

> Do you mean that you want to have a single OpenLDAP server that
> refers authentication to the three backend servers?

I am figuring out more details about my task:
Suppose that someone such as Mr Deck, who has the account d@abc.com, wants to use
the company mail service, so he sends his username/password to the OpenLDAP
server to authenticate for the mail service. He doesn't know anything about the AD
server which manages the abc.com domain. The OpenLDAP server receives this
authentication request and responds to the client that his access is
granted or denied.
Authenticating users from other domains is similar.

But, because of my company's structure, I do not have an Admin account or superuser
account on these AD servers, which means I can't install any software (each
domain is a sub-company). I can only look up info.

Best regards,

Duong Pham

-----Original Message-----
From: Andrew Findlay [mailto:andrew.findlay@skills-1st.co.uk] 
Sent: 14 January 2009 12:14 AM
To: Duong Pham Tung (FIM HN)
Cc: openldap-technical@openldap.org
Subject: Re: OpenLDAP centralized authentication with Active Directory

Do you mean that you want to have a single OpenLDAP server that
refers authentication to the three backend servers?

Does each AD server manage a separate non-overlapping part of
the tree? If so, you may be able to use OpenLDAP with back-meta
to glue the three servers together into a single service without
having to copy any data across.

In more complex cases you may have to copy data into OpenLDAP.
10,000 users is not very many, but you certainly would not want
to copy the entries by hand. You may need to write some scripts
to synchronise the data. The scripts could put an attribute into
each entry in OpenLDAP to say which AD server the user came from.
You could then use Pass-Through Authentication:

	http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
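The back-meta layout Andrew describes (one OpenLDAP front end gluing three non-overlapping AD domains, with no data copied) looks roughly like the following slapd.conf excerpt. This is an added illustration, not configuration from either poster or from the OpenLDAP project; every host name (ad.abc.com, ad.def.com, ad.ghi.com), suffix (dc=company and the ou=... branches under it), lookup account, credential and certificate path is an assumption chosen for the example, and the tls_* sub-options of the per-target tls directive should be checked against slapd-meta(5)/slapd-ldap(5) for the installed 2.4 release.

```conf
# slapd.conf excerpt: one back-meta database presenting three Active
# Directory domains as a single virtual tree "dc=company".
# (Example configuration; all names, DNs and paths are assumptions.)
#
# How Mr Deck's login flows through this glue server:
#   1. the mail server searches base "dc=company", filter "(mail=d@abc.com)";
#      slapd fans the search out to all three targets, each bound as that
#      domain's read-only lookup account, and returns the virtual DN
#      "cn=Deck,cn=Users,ou=abc,dc=company";
#   2. the mail server binds as that DN with Deck's password; slapd picks
#      the abc target from the DN, rewrites it to
#      "cn=Deck,cn=Users,dc=abc,dc=com" and binds to that AD with the
#      user's own credentials.  The password is never stored locally.

modulepath  /usr/lib/openldap       # back-meta is usually a loadable module;
moduleload  back_meta.la            # drop these two lines if it is built in

database    meta
suffix      "dc=company"
rootdn      "cn=glueadmin,dc=company"   # local only; never sent to any AD
chase-referrals no   # AD answers with referrals to other domains/the GC;
                     # following them would leak queries outside the target
rebind-as-user  yes  # keep the client's bind so a dropped AD link can rebind
network-timeout 5
nretries        3

# --- Target 1: sub-company abc.com -----------------------------------
# The URI's naming context must sit under the glue suffix; suffixmassage
# rewrites it to the real AD naming context on the way out (search bases,
# bind DNs) and back to the virtual one in results.
uri           "ldap://ad.abc.com/ou=abc,dc=company"
suffixmassage "ou=abc,dc=company" "dc=abc,dc=com"
tls           start tls_reqcert=demand
              tls_cacert=/etc/openldap/cacerts/abc-root.pem
# AD refuses anonymous searches, so searches issued by the glue server run
# as a lookup account.  mode=none: bind as that account and do NOT attach a
# proxyAuthz control (AD does not implement it).  Direct binds are always
# proxied as the user, so this account never authenticates anyone.
idassert-bind bindmethod=simple
              binddn="cn=ldaplookup,cn=Users,dc=abc,dc=com"
              credentials="change-me-abc"
              mode=none
idassert-authzFrom "dn.regex:.*"

# --- Target 2: sub-company def.com -----------------------------------
uri           "ldap://ad.def.com/ou=def,dc=company"
suffixmassage "ou=def,dc=company" "dc=def,dc=com"
tls           start tls_reqcert=demand
              tls_cacert=/etc/openldap/cacerts/def-root.pem
idassert-bind bindmethod=simple
              binddn="cn=ldaplookup,cn=Users,dc=def,dc=com"
              credentials="change-me-def"
              mode=none
idassert-authzFrom "dn.regex:.*"

# --- Target 3: sub-company ghi.com -----------------------------------
uri           "ldap://ad.ghi.com/ou=ghi,dc=company"
suffixmassage "ou=ghi,dc=company" "dc=ghi,dc=com"
tls           start tls_reqcert=demand
              tls_cacert=/etc/openldap/cacerts/ghi-root.pem
idassert-bind bindmethod=simple
              binddn="cn=ldaplookup,cn=Users,dc=ghi,dc=com"
              credentials="change-me-ghi"
              mode=none
idassert-authzFrom "dn.regex:.*"
```

Check the syntax with `slaptest -f slapd.conf -u`, then exercise the two steps by hand: `ldapsearch -x -H ldap://glue -b dc=company "(mail=d@abc.com)" dn` should return the virtual DN, and `ldapwhoami -x -H ldap://glue -D "cn=Deck,cn=Users,ou=abc,dc=company" -W` should succeed only with Deck's AD password. Three practical points for this design: the file holds three lookup-account passwords, so keep it mode 0600 and owned by the slapd user; every failed bind through the proxy is a failed bind against AD, so a password-guessing attempt on the mail service counts toward the AD lockout policy of that sub-company (a reason to rate-limit at the mail server); and the lookup accounts need nothing beyond read access to the user attributes the mail server searches on, which matches the "lookup only" access described earlier in the thread.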