On May 28, 2014 5:40 AM, "Mattias Segerdahl" <[email protected]> wrote: > > Hello, > > I was wondering if it is possible to configure OpenLDAP 2.4 to only check the password validation with Active Directory and have the rest of the user attributes, such as mail, loginShell, homeDirectory, etc. come from OpenLDAP? Any pointers, guides, howto’s or even “let me google that for you” are highly appreciated. > > Cheers > > Mattias
Hmm, i've never done that, but if you do it i'd recommend using AD with Kerberos. But if you're using AD already, why have a separate LDAP server for your nsswitch data when AD also supports the rfc2307 schema? Maybe better to use OpenLDAP plus MIT or heimdal. If you need a Windows domain controller, maybe take a look at samba 4: https://lists.samba.org/archive/samba-technical/2014-May/100016.html
