Re: OpenLDAP interop with AD questions
On Thu, Nov 13, 2008 at 07:27:44PM -0600, Christopher Barry wrote:
> The goal is to have a single user/password db in AD, and have all of the
> old NIS map data in OpenLDAP. SSO would be a nice to have feature too.
> I've read more stuff than I can count, but I'm still more than a little
> confused.
You might want to consider pass-through authentication:
http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication
That would allow you to keep non-Windows data in OpenLDAP but
still use AD to check passwords.
Doing tricks like that does leave you open to more failure modes:
loss of connectivity to AD, failure of the SASL daemon etc.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
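
Added example, not part of the original message: in OpenLDAP pass-through authentication an entry hands its password check to saslauthd when its userPassword value has the form {SASL}user@realm, so the failure modes mentioned above affect exactly those entries. This sketch lists them from an LDIF export; the DNs, the realm, the sample data and the function names are constructed for illustration.

```python
import base64
import re

SCHEME = re.compile(r"^\{([^}]+)\}")  # leading "{SCHEME}" of a userPassword value

def password_schemes(ldif_text):
    """Return {dn: [scheme, ...]} for every entry in an LDIF export."""
    text = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    entries = {}
    for block in re.split(r"(?:\r?\n){2,}", text.strip()):
        dn, schemes = None, []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" means the value is base64
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "userpassword":
                m = SCHEME.match(value)
                schemes.append(m.group(1).upper() if m else "CLEARTEXT")
        if dn is not None:
            entries[dn] = schemes
    return entries

def depends_on_ad(ldif_text):
    """DNs whose simple bind fails if saslauthd or AD is unreachable."""
    return sorted(dn for dn, s in password_schemes(ldif_text).items() if "SASL" in s)

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample export (assumption): two pass-through users, one of them
# base64-encoded as slapcat often emits, one locally hashed account, one NIS map.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword: {SASL}alice@AD.EXAMPLE.COM",
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64("{SASL}bob@AD.EXAMPLE.COM"),
    "",
    "dn: uid=backup,ou=People,dc=example,dc=com",
    "userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER",
    "",
    "dn: cn=passwd.byname,ou=Maps,dc=example,dc=com",
    "cn: passwd.byname",
])

if __name__ == "__main__":
    for dn in depends_on_ad(SAMPLE_LDIF):
        print("AD-dependent:", dn)
```

Accounts that do not appear in the output keep working during an AD or saslauthd outage, which is worth knowing for break-glass and service accounts.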