[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Use active directory to check password but keep all user data in LDAP

To: Mattias Segerdahl <mattias.segerdahl@jeppesen.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Use active directory to check password but keep all user data in LDAP
From: Howard Chu <hyc@symas.com>
Date: Wed, 28 May 2014 04:00:26 -0700
In-reply-to: <CFAB85D9.59C6C%mattias.segerdahl@jeppesen.com>
References: <CFAB85D9.59C6C%mattias.segerdahl@jeppesen.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1

Mattias Segerdahl wrote:

Hello,

I was wondering if it is possible to configure OpenLDAP 2.4 to only check the
password validation with Active Directory and have the rest of the user
attributes, such as mail, loginShell, homeDirectory, etc. come from OpenLDAP?
Any pointers, guides, howtoâs or even âlet me google that for youâ are highly
appreciated.

Several ways to do that. Use the adauth overlay, or the remoteauth overlay, orthe pbind overlay, for example.

Overall it's a bad idea, Active Directory authentication is thousands of timesslower than OpenLDAP authentication. You can very easily overload the ADserver on an active network.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Use active directory to check password but keep all user data in LDAP
  - From: Peter Gietz <peter.gietz@daasi.de>

References:
- Use active directory to check password but keep all user data in LDAP
  - From: Mattias Segerdahl <mattias.segerdahl@jeppesen.com>

Prev by Date: Use active directory to check password but keep all user data in LDAP
Next by Date: Re: Use active directory to check password but keep all user data in LDAP
Index(es):
- Chronological
- Thread