
OpenLDAP / Active Directory cohabitation

Hello,

I am in an environment where we use both OpenLDAP and Active Directory.
All Linux servers authenticate against OpenLDAP, where we have user groups, unix groups (...)

I would like to keep everything the same, except that when the user binds to OpenLDAP the credentials should be checked against Active Directory. There is no need to retrieve/return any information from Active Directory except for the authentication.

This means that if I perform a BIND and a search, the BIND should be performed against the AD but the search result should come from OpenLDAP. (Anonymous search is fine.)

One complication is that we have 2 types of usernames:

	short username: john01
	long username:  john.smith@example.com

The short usernames are used in OpenLDAP like this:

	uid=john01,ou=People,dc=example,dc=com

While the AD uses the long username. From my test, when binding to AD the "DN" is simply set to the username:

	john.smith@example.com

I am starting to seriously look at the various OpenLDAP overlays and proxy functionality, but I am a bit confused about how to achieve this.

Best regards,

Alexandre