Re: OpenLDAP+Active Directory
On Tue, Jan 22, 2008 at 01:14:47AM -0800, Howard Chu wrote:
Aiko Barz wrote:
> Hello,
>
> is it possible to create an Active Directory forest with multible
> subdomains and make those informations available for one Linux
> machine?
> Right now, we have one domain and it is possible to do authentication
> against the Active Directory, while using OpenLDAP, PAM and Kerberos.
There's nothing in OpenLDAP that would prevent this. This is a question
more suited to either the pam_ldap or nss_ldap mailing lists. The only
problem is you might have cn=userA representing two different users in
both domains at once, and you'll have to have some kind of policy for
dealing with those situations.
Hello,
I was testing a subdomain configuration and I wondered: What happened
to the -C switch? And will there be support for following referrals
with credentials?
Debian/Testing:
$ ldapsearch -h 2>&1| grep "\-C" | wc -l
0
$ ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.7 (Jan 22 2008 00:11:57) $
buildd@ninsei:/build/buildd/openldap2.3-2.4.7/debian/build/clients/tools
(LDAP library: OpenLDAP 20407)
So long,
Aiko
--
:wq ✉
Attachments:
- signature.asc (application/pgp-signature — 189 bytes)