
Re: AD pass through to OpenLDAP?



On Thu, 12 Jun 2014 12:22:00 -0400,
Justin Stanczak <rizenine@gmail.com> wrote:

> This is probably better posted on the Kerberos list, but can Kerberos
> server work with AD? Meaning set up a Kerberos server (not MS) to
> authenticate users, and AD accepts tickets from that?

Yes, this can be done. There is some Microsoft documentation on this
topic, just search technet.microsoft.com.

-Dieter



> 
> On Tue, Jun 10, 2014 at 9:36 AM, Stewart Walters
> <stewart.walters@gmail.com> wrote:
> 
> > Hi Justin,
> >
> > My emails don't seem to arrive to the openldap-technical list.
> >
> > But, (and please note, I've never actually done this before) you
> > could use a virtual LDAP directory front-end to combine portions of
> > both AD and OpenLDAP to provide clients with a single unified
> > view.  In theory the client can't tell the difference between data
> > from one or the other (though I imagine that the theory and the
> > practice of this is completely different, which is why I've never
> > attempted this).
> >
> > Such products that provide this are MyVD
> > (http://myvd.sourceforge.net/) and some commercial ones like
> > RadiantOne VDS, Virtual Identity Server, Virtual LDAP Server EE
> >
> > However all of that complicates what should be a relatively simple
> > thing - storing and retrieving an identity held within a
> > directory.  I wouldn't recommend looking at virtual directories as
> > a way forward, you're likely to run into bigger problems by over
> > engineering the solution.
> >
> > I find it's best to keep things simple.  Either keep the OpenLDAP
> > and AD identities separate between the two directories, or if you
> > have to, look towards suggestions made by others (such as using
> > Kerberos V5 Trusted Realm+OpenLDAP; or Samba+OpenLDAP).
> >
> > Best of luck,
> >
> > Stewart
> >
> >
> >



-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E