The data between the two would be different, and I don't think a gateway would be too difficult. My main concern is the passwords. I don't know how to update AD or make AD use LDAP for authentication. Peter's Kerberos suggestion seems like a good option. I don't really care if AD and OpenLDAP know about each other or not. I don't really want to do a mass password reset to sync.
On Fri, Jun 6, 2014 at 4:02 PM, Tobias Crefeld <[email protected]> wrote:

> On Fri, 6 Jun 2014 14:54:15 -0400, Justin Stanczak
> <[email protected]> wrote:
>
> > Is there a method of connecting Active Directory to use OpenLDAP as
> > the authentication source? So pass through to OpenLDAP. Making
> > OpenLDAP the primary system with all the passwords and usernames.
>
> AD is more or less another LDAP service, so I estimate that you are
> looking for a way to replicate the whole tree or a part of OpenLDAP to
> Active Directory.
>
> I have never seen that live but I could imagine that the main problem
> is that you are using a different schema for user management of your
> applications on OpenLDAP than MS systems are expecting from their AD. So
> you might need a kind of gateway for this replication, if you don't want
> to align your software to MS schema.
> And this must work bidirectionally because MS admins probably still want
> to use their GUI tools for administration.
>
> --
> Regards,
> Tobias.
>
> no email, only xmpp: [email protected]
