
Re: AD pass through to OpenLDAP?



On 06.06.2014 20:54, Justin Stanczak wrote:
> Is there a method of connecting Active Directory to use OpenLDAP as
> the authentication source? So pass through to OpenLDAP. Making
> OpenLDAP the primary system with all the passwords and usernames. I
> realize this might be more of an AD question, but the places I've
> looked seem to always make AD the primary. Then everyone else must
> proxy to AD. Thanks.

Maybe you could achieve this with a realm trust between any
non-Windows Kerberos version 5 (V5) realm and an Active Directory domain
and use a Kerberos system that can be configured to use OpenLDAP as data
backend. But that is just a mere guess.

But what you also could do is provision AD from OpenLDAP. For the
password you would need to have the clear text stored in a reversible
encrypted way (we use X509 asymmetric encryption in our projects), or
create the AD hashes and store them in OpenLDAP, when a user changes her
password. Both are quite some work but doable and make sense within a
broader identity management project.

What you also could do is do away with AD and use Samba with an OpenLDAP
backend instead ;-)

Just some thoughts, hoping it helps,

Peter


 

-- 

Peter Gietz, CEO

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen
Germany                    

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: peter.gietz@daasi.de
web:   www.daasi.de

Registered office: Tübingen
Court of registration: Amtsgericht Stuttgart, HRB 382175
Management: Peter Gietz
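
The AD side of the "provision AD from OpenLDAP" option in the reply above, as an added example that is not part of the original post or of any DAASI code. It assumes the clear-text password has already been recovered from its encrypted store, that the AD account already exists under a CN equal to the OpenLDAP `cn`, and that the sample entry, base DN and function names are hypothetical.

```python
import base64

# Constructed sample entry standing in for an OpenLDAP inetOrgPerson.
SAMPLE_ENTRY = {"uid": "jdoe", "cn": "Doe, Jane", "mail": "jdoe@example.org"}
# Hypothetical AD container the provisioned users live in.
AD_USERS_BASE = "CN=Users,DC=ad,DC=example,DC=org"


def escape_rdn_value(value: str) -> str:
    """Escape RFC 4514 special characters so the value is a valid RDN."""
    out = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ad_unicode_pwd(cleartext: str) -> bytes:
    """AD expects the password wrapped in double quotes, as UTF-16LE."""
    return ('"' + cleartext + '"').encode("utf-16-le")


def ad_password_ldif(entry: dict, cleartext: str, users_base: str) -> str:
    """Build the LDIF modify that sets one user's AD password.

    AD only accepts unicodePwd writes over an encrypted connection (LDAPS),
    and the value is binary, so it is written base64-encoded ("::").
    """
    dn = f"CN={escape_rdn_value(entry['cn'])},{users_base}"
    pwd = base64.b64encode(ad_unicode_pwd(cleartext)).decode("ascii")
    if dn.isascii():
        dn_line = f"dn: {dn}"
    else:  # non-ASCII DNs must be base64-encoded in LDIF as well
        dn_line = "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
    return "\n".join([
        dn_line,
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {pwd}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed password, for illustration only.
    print(ad_password_ldif(SAMPLE_ENTRY, "Example-Pw-1", AD_USERS_BASE))
```
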