Re: Use active directory to check password but keep all user data in LDAP
- To: Mattias Segerdahl <mattias.segerdahl@jeppesen.com>
- Subject: Re: Use active directory to check password but keep all user data in LDAP
- From: "A. P. Garcia" <a.phillip.garcia@gmail.com>
- Date: Wed, 28 May 2014 06:34:24 -0500
- Cc: openldap-technical@openldap.org
- In-reply-to: <CFAB85D9.59C6C%mattias.segerdahl@jeppesen.com>
- References: <CFAB85D9.59C6C%mattias.segerdahl@jeppesen.com>
On May 28, 2014 5:40 AM, "Mattias Segerdahl" <mattias.segerdahl@jeppesen.com> wrote:
>
> Hello,
>
> I was wondering if it is possible to configure OpenLDAP 2.4 to only check the password validation with Active Directory and have the rest of the user attributes, such as mail, loginShell, homeDirectory, etc. come from OpenLDAP? Any pointers, guides, howto's or even "let me google that for you" are highly appreciated.
>
> Cheers
>
> Mattias
Hmm, I've never done that, but if you do it I'd recommend using AD with Kerberos. But if you're using AD already, why have a separate LDAP server for your nsswitch data when AD also supports the rfc2307 schema? Maybe better to use OpenLDAP plus MIT or Heimdal. If you need a Windows domain controller, maybe take a look at Samba 4: https://lists.samba.org/archive/samba-technical/2014-May/100016.html