[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Active directory and openldap
On Thu, 22 May 2003, Howard Chu wrote:
> > I was under the impression that one could establish a trust
> > relationship beteen an Active Directory domain and a
> > non-Microsoft Kerberos realm in order to establish
> > connectivity like this....?
>
> Yes, you can, but that doesn't gain you very much. All it lets you do is use
> a foreign realm to verify a user's credentials (i.e., authentication), but it
> doesn't allow you to retrieve the user's privileges (i.e., authorization)
> from a foreign source. For that you need something else, like Samba.
Ok, so in this scenario, the LDAP server in the trusted foreign realm
is used to connect to AD, and push (via secured replication) trusted authentication
data into AD - rather than AD making some sort of trusted referral back
to OpenLDAP to verify the credentials ?
Thanks....just trying to clear up which way things are going here....
Corey