Andrew Bartlett wrote:
> On Tue, 2008-05-06 at 16:41 -0400, Rich West wrote:
> > I am not entirely sure where to ask this particular question, and I apologize in advance if this is not the correct forum...
> > We have an AD infrastructure and we'd like to get all of our unix boxes to authenticate against the AD servers.
> You really should be looking at Samba and winbind. There we handle all the messy details of dealing with AD.
> If you want (say, for reasons of reducing dependence on AD) to use your own replicated directory, then this is quite possible (and OpenLDAP would be a fine DS for that purpose), but this gets painful with passwords etc.
Interesting... I was not aware that there was a PAM hook for user/password auth.
If I were to do an OpenLDAP replica, it would be read-only, which should make things a little easier (I hope). Again, if I went down that route, I am not sure exactly how to proceed (write a Perl script to perform the right ldapsearch to pull all of the users' entries to build the LDIF file which then gets slurped into OpenLDAP? write a Perl script to use the ldap lib to grab each entry and insert it into OpenLDAP?)
-Rich
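One way to do the ldapsearch-to-LDIF conversion Rich asks about, as an added example that is not part of this thread: it assumes the AD side already carries RFC2307 attributes (uidNumber, gidNumber, unixHomeDirectory, loginShell), takes constructed `ldapsearch -LLL` output, and emits posixAccount entries that slapadd can load. Disabled accounts are skipped and no password material is copied, which is exactly the part Andrew says stays painful with a home-grown replica.

```python
import base64
# Constructed sample of `ldapsearch -LLL` output from AD; assumes the RFC2307 attributes are populated.
SAMPLE_AD_LDIF = """\
dn: CN=Rich West,CN=Users,DC=example,DC=com
cn:: UmljaCBXZXN0
sAMAccountName: rwest
userAccountControl: 512
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/rwest
loginShell: /bin/bash

dn: CN=Old Account,CN=Users,DC=example,DC=com
cn: Old Account
sAMAccountName: old
userAccountControl: 514
uidNumber: 10002
gidNumber: 10000
unixHomeDirectory: /home/old
loginShell: /bin/bash
"""
ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled AD accounts
REQUIRED = ("sAMAccountName", "cn", "uidNumber", "gidNumber", "unixHomeDirectory", "loginShell")

def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]} dicts; unfolds continuation lines, decodes '::' base64."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, then one block per entry
        entry = {}
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            if val.startswith(":"):  # "attr:: <base64 value>"
                val = base64.b64decode(val[1:].strip()).decode("utf-8")
            entry.setdefault(attr, []).append(val.strip())
        entries.append(entry)
    return entries

def ad_to_posix(entries, base_dn):
    """Emit posixAccount LDIF for OpenLDAP; skips disabled/incomplete users, never copies passwords."""
    out, skipped = [], []
    for e in entries:
        uac = int(e.get("userAccountControl", ["0"])[0])
        if uac & ACCOUNTDISABLE or any(a not in e for a in REQUIRED):
            skipped.append(e["dn"][0])
            continue
        uid = e["sAMAccountName"][0]
        out.append(f"dn: uid={uid},{base_dn}\nobjectClass: account\nobjectClass: posixAccount\nuid: {uid}\n"
                   f"cn: {e['cn'][0]}\nuidNumber: {e['uidNumber'][0]}\ngidNumber: {e['gidNumber'][0]}\n"
                   f"homeDirectory: {e['unixHomeDirectory'][0]}\nloginShell: {e['loginShell'][0]}\n")
    return "\n".join(out), skipped
```

The resulting LDIF has no userPassword, so the replica can serve NSS lookups but authentication still has to go back to AD (e.g. via pam_ldap pointed at a DC, or winbind), unless you set up pass-through binding separately.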