
Re: Authenticating OpenLDAP client with AD



Hi,

Yes, that is another possibility I wanted to show you.
By searching I found another, but probably not open, method to do it.
http://www.likewise.com/

Good luck.

On Sat, Oct 23, 2010 at 14:52, Vinay Kalkoti <kalkoti.vinay@gmail.com> wrote:
> Hi Benjamin,
>
> Are you hinting at running the openldap server instead of openldap
> client and sync the required accounts using replication and
> authenticate against the openldap server locally?
>
> Thanks,
> Vinay
>
> On 10/23/10, Benjamin Griese <der.darude@gmail.com> wrote:
>> Hi vinay,
>>
>> you may take a look at this:
>> http://sourceforge.net/projects/acctsync/
>>
>> It's not exactly what you want, but can help you reach the goal. :)
>>
>> Bye, Benjamin.
>>
>> On Sat, Oct 23, 2010 at 12:22, Vinay Kalkoti <kalkoti.vinay@gmail.com>
>> wrote:
>>> Hi,
>>>
>>> I am working on authenticating OpenLDAP client with AD server. I saw
>>> lots of examples which map the rfc2307bis schema using nss_schema
>>> attribute in ldap.conf file
>>>
>>> # Enable support for RFC2307bis (distinguished names in group
>>> # members)
>>> nss_schema rfc2307bis
>>>
>>> and also, map the attributes of the rfc2307bis to the AD server schema
>>> attributes.
>>>
>>> nss_map_attribute uid msSFU30Name
>>> nss_map_attribute uidNumber msSFU30UidNumber
>>> nss_map_attribute gidNumber msSFU30GidNumber
>>> nss_map_attribute loginShell msSFU30LoginShell
>>> nss_map_attribute gecos name
>>> nss_map_attribute userPassword msSFU30Password
>>> nss_map_attribute homeDirectory msSFU30HomeDirectory
>>>
>>>
>>> Isn't there a way I can fetch the schema from the AD server and set it
>>> using nss_schema?
>>>
>>> Basically, I am looking at fetching the schema/objectClass/Attributes
>>> from the LDAP/AD server and make them as client schemas so that I
>>> don't have to keep doing the mapping using nss_map_attribute and
>>> nss_schema.
>>>
>>> I am new to LDAP world, and I am sorry if my question doesn't make any
>>> sense.
>>>
>>> I have seen lots of enterprise products which integrate with LDAP/AD.
>>> They provide a user interface to map the server side schema
>>> objectClass and attributes. I am trying to see if I can get rid of
>>> this and do it internally.
>>>
>>> Thanks,
>>> Vinay
>>>
>>
>>
>>
>> --
>> To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
>> be is to do -- Sartre | Do be do be do -- Sinatra
>>
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
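
Added example, not part of the original thread or of nss_ldap: a directory schema lists which attributes exist but not which one plays the role of an RFC 2307 attribute, so the candidate pairs are still taken from the `nss_map_attribute` lines quoted above, and the script only checks each target against a schema dump and emits the mappings the server can satisfy. The LDIF excerpt and its OIDs are constructed placeholders, and `attribute_names` and `build_mappings` are hypothetical helper names.

```python
import re

# RFC 2307 attribute -> AD attribute, copied from the ldap.conf lines in the thread.
CANDIDATES = {
    "uid": "msSFU30Name",
    "uidNumber": "msSFU30UidNumber",
    "gidNumber": "msSFU30GidNumber",
    "loginShell": "msSFU30LoginShell",
    "gecos": "name",
    "userPassword": "msSFU30Password",
    "homeDirectory": "msSFU30HomeDirectory",
}

# Constructed excerpt of a subschema dump in LDIF form; OIDs are placeholders.
SAMPLE_SCHEMA = """\
attributeTypes: ( 1.1.1.1 NAME 'msSFU30Name' SYNTAX '1.1' SINGLE-VALUE )
attributeTypes: ( 1.1.1.2 NAME 'msSFU30UidNumber' SYNTAX '1.1'
  SINGLE-VALUE )
attributeTypes: ( 1.1.1.3 NAME ( 'name' 'example-alias' ) SYNTAX '1.1' )
attributeTypes: ( 1.1.1.4 NAME 'msSFU30LoginShell' SYNTAX '1.1' )
"""


def attribute_names(ldif):
    """Return the lower-cased names of all attribute types in the dump."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join LDIF continuation lines
    names = set()
    for line in unfolded.splitlines():
        if not line.lower().startswith("attributetypes:"):
            continue
        # NAME is either one quoted name or a parenthesised list of them.
        m = re.search(r"\bNAME\s+(?:'[^']+'|\([^)]*\))", line)
        if m:
            found = re.findall(r"'([^']+)'", m.group(0))
            names.update(n.lower() for n in found)
    return names


def build_mappings(ldif, candidates=CANDIDATES):
    """Return (ldap.conf lines, AD attributes missing from the schema)."""
    have = attribute_names(ldif)
    lines = [f"nss_map_attribute {r} {a}" for r, a in candidates.items() if a.lower() in have]
    missing = [a for a in candidates.values() if a.lower() not in have]
    return lines, missing


if __name__ == "__main__":
    print(build_mappings(SAMPLE_SCHEMA))
```
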