
RE : Active directory and openldap



So if I understand, the authentication is redirected to the openldap server.
But is there a way to replicate each user and their password to an AD
server? So that each time a new user is created or deleted that would be
replicated on the Microsoft AD server.
I don't need this to be bidirectional, I would not let the users change their
password for Windows only on the ldap server.

Thanks,

Francois


-----Original Message-----
From: Corey Scholefield [mailto:coreys@uvic.ca]
Sent: 23 May 2003 17:02
To: Howard Chu
Cc: OpenLDAP-software@OpenLDAP.org
Subject: RE: Active directory and openldap
Importance: High



On Thu, 22 May 2003, Howard Chu wrote:

> > I was under the impression that one could establish a trust 
> > relationship between an Active Directory domain and a non-Microsoft 
> > Kerberos realm in order to establish connectivity like this....?
>
> Yes, you can, but that doesn't gain you very much. All it lets you do 
> is use a foreign realm to verify a user's credentials (i.e., 
> authentication), but it doesn't allow you to retrieve the user's 
> privileges (i.e., authorization) from a foreign source. For that you 
> need something else, like Samba.

Ok, so in this scenario, the LDAP server in the trusted foreign realm is
used to connect to AD, and push (via secured replication) trusted
authentication data into AD - rather than AD making some sort of trusted
referral back to OpenLDAP to verify the credentials?

Thanks....just trying to clear up which way things are going here....

Corey