Re: AD + Openldap integration
Andrew Bartlett wrote:
> On Tue, 2008-05-06 at 16:41 -0400, Rich West wrote:
>
>> I am not entirely sure where to ask this particular question, and I
>> apologize in advance if this is not the correct forum...
>>
>> We have an AD infrastructure and we'd like to get all of our unix boxes
>> to authenticate against the AD servers.
>>
>
> You really should be looking at Samba and winbind. There we handle all
> the messy details of dealing with AD.
>
> If you want (say, for reasons of reducing dependence on AD) to use your
> own replicated directory, then this is quite possible (and OpenLDAP
> would be a fine DS for that purpose), but this gets painful with
> passwords etc.
Interesting... I was not aware that there was a PAM hook for
user/password auth.

If I were to do an OpenLDAP replica, it would be read-only, which should
make things a little easier (I hope). Again, if I went down that route,
I am not sure exactly how to proceed (write a Perl script to perform the
right ldapsearch to pull all of the users' entries to build the LDIF file
which then gets slurped into OpenLDAP? write a Perl script to use the
LDAP lib to grab each entry and insert it into OpenLDAP?)
-Rich