This is probably better posted on the Kerberos list, but can a Kerberos server work with AD? Meaning set up a Kerberos server (not MS) to authenticate users, and AD accepts tickets from that?

On Tue, Jun 10, 2014 at 9:36 AM, Stewart Walters <[email protected]> wrote:
> Hi Justin,
>
> My emails don't seem to arrive to the openldap-technical list.
>
> But, (and please note, I've never actually done this before) you could use a virtual LDAP directory front-end to combine portions of both AD and OpenLDAP to provide clients with a single unified view. In theory the client can't tell the difference between data from one or the other (though I imagine that the theory and the practice of this is completely different, which is why I've never attempted this).
>
> Such products that provide this are MyVD (http://myvd.sourceforge.net/) and some commercial ones like RadiantOne VDS, Virtual Identity Server, Virtual LDAP Server EE.
>
> However all of that complicates what should be a relatively simple thing - storing and retrieving an identity held within a directory. I wouldn't recommend looking at virtual directories as a way forward, you're likely to run into bigger problems by over engineering the solution.
>
> I find it's best to keep things simple. Either keep the OpenLDAP and AD identities separate between the two directories, or if you have to, look towards suggestions made by others (such as using Kerberos V5 Trusted Realm+OpenLDAP; or Samba+OpenLDAP).
>
> Best of luck,
>
> Stewart
