[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Win2k domain authing against Linux OpenLDAP

>  I've about got my OpenLDAP server working for Solaris and Linux.  Part of
>the company is using windows, most migrating to 2k soon.  Nothing I can do
>about this so it is out of my hands.  
>  At any rate, we want those to authenticate against the OpenLDAP also.  The
>windows guy
>is saying he is finding alot of docs saying it can't be done.  He is pushing
>for an ADS server authentication to be master for everything and throw the
>LDAP out.  

You can't replace a native mode W2K domain controller with one running
OpenLDAP. It is possible in theory but a lot of work would need to be

A good way to start would be to implement the Microsoft-specific LDAP
matching rules, extended operations, and controls, and to add CLDAP
support at least for reading the root DSE. Then I would try and import
the data from an Active Directory server, update the LDAP SRV record
for a domain to point to the OpenLDAP server, and see what blows

Actual _authentication_ is another matter entirely, this would require
a Kerberos KDC with support for Microsoft's proprietary PAC.

-- Luke

Luke Howard | lukehoward.com
PADL Software | www.padl.com