Re: Integration OpenLDAP - MS Active Directory

["Veloso Varas, Sebastián (TECH-IT)" <sveloso@tech-it.cl>]

l 25-05-2010 1:50, Michael Ströder escribió:

"Veloso Varas, Sebastián (TECH-IT)" wrote:
  

I would like to know if any of you. has had experience of integration of
AD with LDAP. My idea is to have a core LDAP and AD users consume.
    

Not sure what you really want. If you want simple replication from OpenLDAP to
AD this is not possible out-of-the-box.
  

OpenLDAP need to have a root domain that has the "sitio.int." I have a Windows 2003 Server Active Directory that has the root domain
"Ad.int." I need the AD users are housed in the OpenLDAP. Is it possible to replicate the users? Or both must have the same domain name?
Can they live together in a single LDAP server domain "sitio.int" and "ad.int"

"I have a concern would be the root domain and AD ldap.sitio.int eg
ad.sitio.int would not?

LDAP (sitio.int) -------> AD (sitio.int)
    

You're mixing AD and pure LDAPv3 terms here. Probably because with AD the DNS
domain name and the LDAP naming context are tightly coupled. Anyway this is
the least of the problem.

  

I am implementing this scheme for a unified authentication issue,
working through cross-platform and I must be based on an LDAP.
    

What authentication mechanism do you want to use. Simple bind with password?
Kerberos (SASL/GSSAPI)? Etc....
  

To avoid problems with passwords, I made a web application. NET is able to change the key
in OpenLDAP and AD, therefore, the user is given the password and change it with this application.

You should really try to explain in more detail what you want to achieve.

Ciao, Michael.