RE: Win2k domain authing against Linux OpenLDAP
Might also look at the SAMBA project v2.2 which is in development right
now. We are attaching SAMBA to OpenLDAP and using SAMBA as a PDC and running
W2K with that.
-----Original Message-----
From: Luke Howard [mailto:lukeh@PADL.COM]
Sent: Saturday, September 01, 2001 4:44 AM
To: rharris@raindance.com
Cc: openldap-software@OpenLDAP.org; nicolas.williams@ubsw.com
Subject: Re: Win2k domain authing against Linux OpenLDAP
> I've about got my OpenLDAP server working for Solaris and Linux. Part of
> the company is using windows, most migrating to 2k soon. Nothing I can do
> about this so it is out of my hands.
>
> At any rate, we want those to authenticate against the OpenLDAP also. The
> windows guy is saying he is finding a lot of docs saying it can't be done.
> He is pushing for an ADS server authentication to be master for everything
> and throw the LDAP out.

You can't replace a native mode W2K domain controller with one running
OpenLDAP. It is possible in theory but a lot of work would need to be
done.
A good way to start would be to implement the Microsoft-specific LDAP
matching rules, extended operations, and controls, and to add CLDAP
support at least for reading the root DSE. Then I would try and import
the data from an Active Directory server, update the LDAP SRV record
for a domain to point to the OpenLDAP server, and see what blows
up.
Actual _authentication_ is another matter entirely; this would require
a Kerberos KDC with support for Microsoft's proprietary PAC.
-- Luke
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com