Re: AD pass through to Openladp?
On 06.06.2014 20:54, Justin Stanczak wrote:
> Is there a method of connecting Active Directory to use OpenLDAP as
> the authentication source? So pass through to OpenLDAP. Making
> OpenLDAP the primary system with all the passwords and usernames. I
> realize this might be more of an AD question, but the places I've
> looked seem to always make AD the primary. Then everyone else must
> proxy to AD. Thanks.
Maybe you could achieve this with a realm trust between any
non-Windows Kerberos version 5 (V5) realm and an Active Directory domain
and use a Kerberos system that can be configured to use OpenLDAP as data
backend. But that is just a mere guess.
But what you also could do is provision AD from OpenLDAP. For the
password you would need to have the clear text stored in a reversible
encrypted way (we use X509 asymmetric encryption in our projects), or
create the AD hashes and store them in OpenLDAP, when a user changes her
password. Both are quite some work but doable and make sense within a
broader identity management project.
What you also could do is do away with AD and use Samba with OpenLDAP
backend instead ;-)
Just some thoughts, hoping it helps,
Peter
--
Peter Gietz, CEO
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email: peter.gietz@daasi.de
web: www.daasi.de
Registered office: Tübingen
Court of registration: Amtsgericht Stuttgart, HRB 382175
Management: Peter Gietz