[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: choose AD or LDAP
Quoting "cody wang" <codywang@clunet.edu>:
> As I am also deploying OpenLDAP, I have some delima sitution because
> we use Microsoft Active Directory. I have read about LDAP System
> Adminisration by O'Relly Carter that Microsoft Active Directory
> doesn't support PAM module
This is rubish. It's perfectly possible, I have done so myself on two
occations (for a customer that couldn't/wouldn't change to OpenLDAP).
You need the SFU (Microsoft Services For Unix - free 30 day demo on
the M$ site). Other than that, it's resonably easy to configure LibNSS-LDAP
and LibPAM-LDAP to use AD (you have to take advantage of the attribute
setup - nss_map_{objectclass,attribute}).
> so we only have to either choose AD or
> LDAP for our one login/password. Since they cannot exist at the same
> time, what are people choice? Any idea would appreciate.
You're asking on a OpenLDAP list what people choose to run!? :)
In reality, if you CAN change then change. OpenLDAP is WAY faster on
exact the same hardware than AD. But sometimes you just CAN'T change,
so solve the issues/problems with what you have...