On 06.06.2014 20:54, Justin Stanczak wrote:
> Is there a method of connecting Active Directory to use OpenLDAP as
> the authentication source? So pass through to OpenLDAP. Making
> OpenLDAP the primary system with all the passwords and usernames. I
> realize this might be more of an AD question, but the places I've
> looked seem to always make AD the primary. Then everyone else must
> proxy to AD. Thanks.

Maybe you could achieve this with a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain, and use a Kerberos system that can be configured to use OpenLDAP as data backend. But that is just a mere guess.

But what you also could do is provision AD from OpenLDAP. For the password you would need to have the clear text stored in a reversibly encrypted way (we use X509 asymmetric encryption in our projects), or create the AD hashes and store them in OpenLDAP when a user changes her password. Both are quite some work but doable, and make sense within a broader identity management project.

What you also could do is do away with AD and use Samba with an OpenLDAP backend instead ;-)

Just some thoughts, hoping it helps,

Peter

-- 
Peter Gietz, CEO
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany

phone: +49 7071 407109-0
fax: +49 7071 407109-9
email: [email protected]
web: www.daasi.de

Registered office: Tübingen
Court of registration: Amtsgericht Stuttgart, HRB 382175
Management: Peter Gietz
