Do you plan on making ALL your own schema changes to OpenLDAP to accommodate Exchange? There is no feasible way to do this in my eyes. Your best bet would be to find a mail server that actually used OpenLDAP or migrate the users (which wouldn't be all that hard, except the passwords) to AD and use Exchange.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Depp, Dennis M.
Sent: Wednesday, August 11, 2004 6:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] replacing AD with openldap

Lara,

Can you tell us why you want to authenticate with OpenLDAP instead of Active Directory? When you connect directly to Exchange, are you authenticating with Active Directory or OpenLdap?

Dennis

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lara Adianto
Sent: Wednesday, August 11, 2004 2:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] replacing AD with openldap

>Lara, where do you get that OWA is doing an LDAP query for auth? OWA nor
>anything in the Windows world should be using LDAP auth, it should always be
>using kerberos and if that isn't working fall through to NTLM.

I disabled the Integrated Windows Authentication for Exchange directory...and enabled only Basic authentication. Then, I captured the packet with ethereal and saw that it queried AD with filter cn=lara,cn=users,cn=configuration, dc=adianto,dc=com or some sort of that (I forgot the exact query). There are a lot of ldap queries being captured...not only that one actually....seems very complicated... I don't really understand how Basic authentication and NTLM work...

>Also as usual, Al is right on in terms of the integration between
>AD/Exchange. To even have an Exchange Mailbox you will need an AD user
>object and you aren't going to force AD to use OpenLDAP to authenticate that
>user.

Oh well...then will I have greater chance with SAMBA? I found this link: http://lists.samba.org/archive/samba/2004-February/080654.html which gave me an idea to authenticate OWA to samba PDC which will in turn use PAM_LDAP to talk to openldap. But well, it seems very tedious, and no guarantee that it will work.
I mean, even if the OWA authentication works, will there be anything that prevent me to get the sendmail/pop3/imap or mailbox whatsoever to work? I suppose it's not possible to make OWA to talk to pam_ldap directly?

I'm very new to all these...and not aware with the stumbling blocks that might prevent me to achieve my objective above... Perhaps the experts out there can give me some hints or tips?

thanks again,
=lara=

Lara Adianto <[EMAIL PROTECTED]> wrote:

>I suppose the first question that comes to mind is, why? Exchange OWA
>is going to require you to eventually identify and authenticate to Active
>Directory. What's the use of doing it in openldap first?

I have openldap server populated with the user credentials...and I don't want to replicate this information to AD. Shortly, I don't want to store username + password in AD.

>As it stands, I have not heard of anyone being able to change OWA's
>authentication to a separate LDAP directory. Exchange and Active
>Directory are married on too many levels.

Yes, I'm aware of this. That's why I posted this question. I can't find any information on the net. If it's not possible to direct the ldap queries to openldap, would it be possible to achieve my goals (to authenticate using openldap) by some other means? using PAM or Samba maybe?

Hope this is clearer. Btw, I don't intend to replace the mail server with openldap. I'm just concerned with the user authentication.

Thanks for the response,
lara

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lara Adianto
Sent: Tuesday, August 10, 2004 5:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] replacing AD with openldap

Hi,

One of Outlook Web Access 2003's authentication method is basic authentication which does an ldap query to Active Directory for the username & password. Is it possible to configure it to query an external ldap server (such as Openldap) instead of to active directory?

My objective is to make OWA to use LDAP authentication. My LDAP server is openldap.

regards,
lara

------------------------------------------------------------------------
Life, you see, is never as good or as bad as one thinks
- Guy de Maupassant -
------------------------------------------------------------------------

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
