On 25-05-2010 1:50, Michael Ströder wrote:
"Veloso Varas, Sebastián (TECH-IT)" wrote:

I would like to know if any of you has had experience of integration of AD with LDAP. My idea is to have a core LDAP and AD users consume.

Not sure what you really want. If you want simple replication from OpenLDAP to AD this is not possible out-of-the-box.

OpenLDAP need to have a root domain that has the "sitio.int." I have a Windows 2003 Server Active Directory that has the root domain "Ad.int." I need the AD users are housed in the OpenLDAP. Is it possible to replicate the users? Or both must have the same domain name? Can they live together in a single LDAP server domain "sitio.int" and "ad.int" To avoid problems with passwords, I made a web application. NET is able to change the key

"I have a concern would be the root domain and AD ldap.sitio.int eg ad.sitio.int would not?

LDAP (sitio.int) -------> AD (sitio.int)

You're mixing AD and pure LDAPv3 terms here. Probably because with AD the DNS domain name and the LDAP naming context are tightly coupled. Anyway this is the least of the problem.

I am implementing this scheme for a unified authentication issue, working through cross-platform and I must be based on an LDAP.

What authentication mechanism do you want to use? Simple bind with password? Kerberos (SASL/GSSAPI)? Etc....

in OpenLDAP and AD, therefore, the user is given the password and change it with this application.

You should really try to explain in more detail what you want to achieve.

Ciao, Michael.