On Fri, 2008-11-14 at 09:51 +0000, Martin Simovic wrote:
> On Thu, 2008-11-13 at 19:27 -0600, Christopher Barry wrote:
> > Hi All,
> >
> > I'm still researching methods, and trying to find the best way to
> > integrate our Unix hosts with AD in a way that makes sense for us.
> >
> > The goal is to have a single user/password db in AD, and have all of the
> > old NIS map data in OpenLDAP. SSO would be a nice to have feature too.
> > I've read more stuff than I can count, but I'm still more than a little
> > confused.
> >
> > The translucent overlay looks cool (if it'll even work with AD), but I'm
> > not sure it's the right answer for us with respect to keeping the maps
> > local to OpenLDAP.
> >
> > Any suggestions or doc links you can post?
> >
>
> Hi,
>
> AD is basically a combination of ldap and kerberos. ldap contains the
> user database (authorization) and kerberos the passwords
> (authentication)

AD is much, much more than that. If AD was that simple, then Samba4
would be well-finished by now.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.