
Re: pam/nss ldap authentication against ms exchange 5.5



On Thu, Feb 21, 2002 at 02:25:26PM +0100, Andrej Radonic wrote:
% we want to establish ldap authentication for linux redhat 7.2 machines
% against an existing exchange 5.5 (ldap) server.
% 
% while I have seen from different posts that querying using basic ldap
% clients like ldapsearch does work I have doubts whether the task of
% actually authenticating linux users on this basis can be done "out of
% the box".
% 
% as far as I know exchange does not store user passwords in its ldap db.
% rather it relies on the underlying win nt accounts.

I think the big problem you'll run into is that Exchange/Active Directory
doesn't store UID/GID information for users. I'm not sure how you'd go about
getting a valid UID/GID pair for your users who are logging into your Linux
machines.

One alternative might be to use pam_ldap to do user *authentication*, but
have local "accounts" in /etc/passwd in order to obtain UID/GID/home
directory information.

john
-- 
John Morrissey          _o            /\         ----  __o
jwm@horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__
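
Added example, not part of the original message: a small check for the split setup suggested above, where pam_ldap authenticates and /etc/passwd supplies UID/GID/home. It reports directory logins with no usable local entry and logins that would map onto a local system account; the login names, sample passwd content, function names and the UID 500 boundary are assumptions made for illustration.

```python
# Audit for "pam_ldap authenticates, /etc/passwd supplies UID/GID/home".
SYSTEM_UID_MAX = 499  # assumption: regular users start at UID 500 (Red Hat 7.2 default)

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
# local stubs for directory users
alice:x:501:501:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
broken:x:notanumber:100::/home/broken:/bin/sh
+::::::
"""
SAMPLE_DIRECTORY_LOGINS = ["alice", "bob", "backup", "broken"]

def parse_passwd(text):
    """Return {login: (uid, gid, home)} for well-formed passwd(5) lines."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries ("+" / "-" prefixes).
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, _gecos, home, _shell = fields
        if not (uid.isdecimal() and gid.isdecimal()):
            continue  # malformed numeric field: no usable account
        accounts.setdefault(name, (int(uid), int(gid), home))  # first entry wins
    return accounts

def audit(passwd_text, directory_logins):
    """Classify each directory login for the pam_ldap + local passwd split."""
    accounts = parse_passwd(passwd_text)
    report = {"ok": {}, "no_local_account": [], "maps_to_system_account": []}
    for login in directory_logins:
        entry = accounts.get(login)
        if entry is None:
            # The password may verify, but there is no UID/GID/home to log in with.
            report["no_local_account"].append(login)
        elif entry[0] <= SYSTEM_UID_MAX:
            # A directory password would open a local system account.
            report["maps_to_system_account"].append(login)
        else:
            report["ok"][login] = entry
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_DIRECTORY_LOGINS))
```

To run it against a real host, pass the contents of /etc/passwd and the list of mailbox aliases exported from the directory in place of the constructed samples.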