OpenLDAP / Active directory cohabitation
- To: openldap-technical@openldap.org
- Subject: OpenLDAP / Active directory cohabitation
- From: Alexandre Rosenberg <arekkusu@r42.ch>
- Date: Mon, 29 May 2017 23:36:10 +0900
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
Hello,
I am in an environment where we use both OpenLDAP and Active Directory.
All Linux servers authenticate against OpenLDAP, where we have user
groups, unix groups (...)
I would like to keep everything the same, except that when the user binds
to OpenLDAP the credentials should be checked against Active Directory.
There is no need to retrieve/return any information from Active
Directory except for the authentication.
This means that if I perform a BIND and a search, the BIND should be
performed against the AD but the search result should come from OpenLDAP.
(anonymous search is fine)
One complication is that we have 2 types of usernames:
short username: john01
long username: john.smith@example.com
The short usernames are used in OpenLDAP like this:
uid=john01,ou=People,dc=example,dc=com
While the AD uses the long username. From my test, when binding to AD,
the "DN" is simply set to the username:
john.smith@example.com
I am starting to seriously look at the various OpenLDAP overlays and
proxy functionality, but I am a bit confused on how to achieve this.
Best regards,
Alexandre
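One way to get exactly this split (bind verified by AD, everything else served locally) is OpenLDAP's SASL pass-through authentication: the OpenLDAP entry keeps a {SASL} userPassword naming the AD account, and slapd hands the bind password to saslauthd, which binds to the domain controller as that UPN. The configuration below is an added example, not from this thread; the DC name dc1.example.com, the CA file path and the saslauthd socket path are assumptions, and the short-to-long name mapping is done per entry in the {SASL} value.

```conf
# --- /etc/sasl2/slapd.conf (read by slapd's Cyrus SASL library) ---
# Hand every password check to the local saslauthd daemon over its socket.
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

# --- /etc/saslauthd.conf (saslauthd started with: saslauthd -a ldap) ---
# "fastbind" skips the search step and binds to AD directly as "%u@%r",
# i.e. the UPN john.smith@example.com that AD already accepts as bind name.
ldap_servers: ldaps://dc1.example.com/
ldap_auth_method: fastbind
ldap_filter: %u@%r
# The user's cleartext password is forwarded to the DC on each bind:
# insist on LDAPS and verify the DC certificate, never plain ldap://.
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/ad-ca.pem

# --- LDIF applied to the OpenLDAP entry (ldapmodify -x -D <admin> -W) ---
# The {SASL} scheme stores no local hash; slapd passes the bind password
# plus the stored "user@realm" to saslauthd instead. This scheme requires
# slapd built with --enable-spasswd. Replacing userPassword also removes
# the old local hash, so only the AD password is accepted from now on.
dn: uid=john01,ou=People,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SASL}john.smith@example.com

# --- Checks ---
# 1. saslauthd alone, with the AD password of the long username:
#      testsaslauthd -u john.smith -r example.com -p '<ad-password>'
# 2. end to end, binding to OpenLDAP with the short username over TLS:
#      ldapwhoami -x -ZZ -H ldap://ldap.example.com \
#        -D uid=john01,ou=People,dc=example,dc=com -W
# Anonymous searches are untouched: only the BIND operation reaches AD.
```

Because the bind password now travels to a second system, require TLS on the client-to-OpenLDAP bind as well (the -ZZ above, or an `olcSecurity: ssf=128` requirement on the server), so the AD password never crosses the network in the clear.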