On Tue, 2009-09-15 at 10:53 +0200, MMoj@timocom.com wrote:
Hello everyone,
I'm having a hard time. I should enable the sync of an AD (W2K3) and an LDAP (CentOS 5.3) server based on the mentioned system. I really don't know how to establish a sync of user accounts, groups, etc.
I have a test environment running with W2K3 AD and CentOS 5.3 LDAP with Kerberos for SSO (Single Sign-On), but the information is still located in the AD, not in the LDAP, and I want to authenticate against the LDAP server. I really don't know how to configure the AD/LDAP to sync, or to replicate the AD into LDAP.
Can someone help me out with a good "How-To" or maybe some config files, etc.?
There seems to be a common confusion about AD. AD comprises two elements: an LDAP server and a Kerberos server. User information (accounts, groups) is stored in LDAP. User passwords are stored in Kerberos.
You can replicate (sync) the AD LDAP server to OpenLDAP, but you will have only authorization information (users, groups), not the authentication information (passwords). Therefore you cannot authenticate against LDAP.
In order to get your thing working, you'd have to replicate the Kerberos information too. It is possible; however, I myself have never seen a consistent how-to which describes an OpenLDAP/MIT Kerberos AD replacement.
Martin.
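The split Martin describes (users and groups come across over LDAP, passwords do not, so authentication has to be delegated to Kerberos) as an added example that is not code from either poster: a Python script that takes a constructed AD LDAP export, checks that no password attribute came across, converts the entries into posixAccount/posixGroup LDIF for OpenLDAP, and sets every userPassword to OpenLDAP's `{SASL}` pass-through form so a simple bind is verified by saslauthd against the KDC instead of against a hash that was never available. The realm EXAMPLE.COM, the suffix dc=example,dc=com, the RID-to-POSIX id offset and the sample entries are assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumed deployment details (not from the thread): Kerberos realm, OpenLDAP
# suffix, and a fixed offset so POSIX ids are derived from the Windows RID.
REALM = "EXAMPLE.COM"
USER_BASE = "ou=people,dc=example,dc=com"
GROUP_BASE = "ou=groups,dc=example,dc=com"
ID_OFFSET = 10000

# Constructed sample of an AD export over plain LDAP (ldapsearch against a DC).
# No unicodePwd/userPassword line appears: AD returns no password material.
AD_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
objectClass: user
sAMAccountName: alice
displayName: Alice Example
objectSid: S-1-5-21-1111-2222-3333-1105
primaryGroupID: 513
memberOf: CN=admins,OU=Groups,DC=example,DC=com

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
objectClass: user
sAMAccountName: bob
objectSid: S-1-5-21-1111-2222-3333-1106
primaryGroupID: 513

dn: CN=Domain Users,CN=Users,DC=example,DC=com
objectClass: group
sAMAccountName: Domain Users
objectSid: S-1-5-21-1111-2222-3333-513

dn: CN=admins,OU=Groups,DC=example,DC=com
objectClass: group
sAMAccountName: admins
objectSid: S-1-5-21-1111-2222-3333-1200
"""

def parse_ldif(text):
    # Minimal LDIF reader: blank-line separated entries, 'attr: value' lines,
    # repeated attributes collected into lists (no base64 '::' values here).
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr].append(value)
        entries.append(dict(entry))
    return entries

def rid(sid):  # relative identifier: last sub-authority of the objectSid
    return int(sid.rsplit("-", 1)[1])

def posix_name(sam):  # sAMAccountName -> POSIX-friendly name
    return sam.lower().replace(" ", "_")

def password_attributes(entries):
    # Names of password-bearing AD attributes in the export; expected empty.
    secret = {"unicodePwd", "dBCSPwd", "userPassword"}
    return {a for e in entries for a in e if a in secret}

def convert(entries, realm=REALM):
    # AD user/group objects -> posixAccount/posixGroup attribute dicts. No hash
    # can be copied, so userPassword is OpenLDAP's {SASL} pass-through form:
    # slapd hands the bind password to saslauthd, which checks it at the KDC.
    groups, users = {}, {}
    for e in entries:
        if "group" in e["objectClass"]:
            r = rid(e["objectSid"][0])
            groups[e["dn"][0]] = {"cn": posix_name(e["sAMAccountName"][0]),
                                  "rid": r, "gidNumber": ID_OFFSET + r, "memberUid": []}
    by_rid = {g["rid"]: g for g in groups.values()}
    for e in entries:
        if "user" not in e["objectClass"]:
            continue
        name = posix_name(e["sAMAccountName"][0])
        users[name] = {
            "uid": name,
            "cn": e.get("displayName", [name])[0],
            "uidNumber": ID_OFFSET + rid(e["objectSid"][0]),
            "gidNumber": by_rid[int(e["primaryGroupID"][0])]["gidNumber"],
            "homeDirectory": f"/home/{name}",
            "loginShell": "/bin/bash",
            "userPassword": f"{{SASL}}{name}@{realm}",
        }
        for dn in e.get("memberOf", []):  # secondary groups are listed on the user
            groups[dn]["memberUid"].append(name)
    return users, groups

def to_ldif(users, groups):
    # Render the converted objects as LDIF for slapadd/ldapadd.
    out = []
    for u in users.values():
        out += [f"dn: uid={u['uid']},{USER_BASE}", "objectClass: top",
                "objectClass: account", "objectClass: posixAccount"]
        out += [f"{k}: {u[k]}" for k in ("uid", "cn", "uidNumber", "gidNumber",
                                         "homeDirectory", "loginShell", "userPassword")]
        out.append("")
    for g in groups.values():
        out += [f"dn: cn={g['cn']},{GROUP_BASE}", "objectClass: top",
                "objectClass: posixGroup", f"cn: {g['cn']}", f"gidNumber: {g['gidNumber']}"]
        out += [f"memberUid: {m}" for m in g["memberUid"]] + [""]
    return "\n".join(out)

if __name__ == "__main__":
    ad = parse_ldif(AD_LDIF)
    assert not password_attributes(ad)  # nothing to copy: binds must go to Kerberos
    print(to_ldif(*convert(ad)))
```

For the `{SASL}` values to work, slapd has to be built with SASL support and its SASL config (a `slapd.conf` under the sasl2 plugin directory, whose location varies by distribution) must contain `pwcheck_method: saslauthd`, with saslauthd running as `saslauthd -a kerberos5`. That is OpenLDAP's documented pass-through authentication; it still relies on the AD KDC being reachable, so it does not turn OpenLDAP into a standalone replacement, which is the point of Martin's last paragraph.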