Re: Win2k domain authing against Linux OpenLDAP
> I've about got my OpenLDAP server working for Solaris and Linux. Part of
>the company is using Windows, most migrating to 2k soon. Nothing I can do
>about this so it is out of my hands.
>
> At any rate, we want those to authenticate against the OpenLDAP also. The
>Windows guy is saying he is finding a lot of docs saying it can't be done.
>He is pushing for an ADS server authentication to be master for everything
>and throw the LDAP out.

You can't replace a native mode W2K domain controller with one running
OpenLDAP. It is possible in theory but a lot of work would need to be
done.

A good way to start would be to implement the Microsoft-specific LDAP
matching rules, extended operations, and controls, and to add CLDAP
support at least for reading the root DSE. Then I would try and import
the data from an Active Directory server, update the LDAP SRV record
for a domain to point to the OpenLDAP server, and see what blows
up.

Actual _authentication_ is another matter entirely, this would require
a Kerberos KDC with support for Microsoft's proprietary PAC.

-- Luke
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
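
The reply mentions CLDAP support for reading the root DSE. As an added example (not part of the original post and not OpenLDAP code), this sketch shows the server-side check such a listener needs: decode one BER-encoded LDAPMessage from a UDP datagram and decide whether it is a root DSE read, which RFC 4512 defines as a base-scope search on the empty DN with the filter (objectClass=*). The function names and the sample datagram are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_search_request(datagram):
    """Decode the fields of an LDAP SearchRequest; raise ValueError for anything else."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:                        # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    tag, msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:                        # messageID is an INTEGER
        raise ValueError("missing messageID")
    tag, req, _ = read_tlv(msg, pos)
    if tag != 0x63:                        # [APPLICATION 3] is SearchRequest
        raise ValueError("not a SearchRequest")
    fields, pos = [], 0
    while pos < len(req):                  # base, scope, deref, size, time, typesOnly,
        tag, value, pos = read_tlv(req, pos)   # filter, attributes
        fields.append((tag, value))
    if len(fields) != 8:
        raise ValueError("malformed SearchRequest")
    return {"message_id": int.from_bytes(msg_id, "big"), "base": fields[0][1],
            "scope": int.from_bytes(fields[1][1], "big"), "filter": fields[6]}

def is_root_dse_read(datagram):
    """True only for a base-scope search on the empty DN with a presence filter."""
    try:
        req = parse_search_request(datagram)
    except ValueError:
        return False
    ftag, fval = req["filter"]             # 0x87 is the 'present' filter choice
    return (req["base"] == b"" and req["scope"] == 0
            and ftag == 0x87 and fval.lower() == b"objectclass")

# Constructed sample: message ID 1, base "", scope baseObject, filter (objectclass=*).
SAMPLE = bytes.fromhex("3025020101632004000a01000a0100020100020100010100"
                       "870b6f626a656374636c6173733000")
```

Anything that fails this check (a subtree search, a non-empty base, a truncated datagram) can be dropped by the UDP listener without touching the directory.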