2008/2/12, Buchan Milne <bgmilne@staff.telkomsa.net>:
On Monday 11 February 2008 20:12:17 अनुज Anuj Singh wrote:
> On Feb 11, 2008 2:28 PM, Razi Garbie <boneybastard@gmail.com> wrote:
> > Hi everyone,
> >
> > I've spent countless of hours trying to figure out how to sync openLDAP
> > with my currently running windows/active directory, however.. i cant find
> > any information on how this is done.
> >
> > Im currently running windows/AD which authenticates ~20users all windows
> > boxes (obviously), however.. all windows users have accounts on the linux
> > machines i run and that makes administrative tasks a bit messy, hence i
> > have to make account changes on two different domains.
> >
> > The ideal setup is to setup setup a OpenLDAP server that is synced with
> > windows active directory, so that my users can authenticate against the
> > linux domain using their windows passwords.
> Yes it can be done, in my setup a user can login to linux machine ,
> this user does not exists on linux, beside it exists on windows active
> directory.

There are a number of well-known solutions to authenticating Unix servers to
Active Directory, however, the original question was about synchronisation
between OpenLDAP and Active Directory.

There are also other potential solutions for synching passwords from AD to
OpenLDAP, but the original question precluded this answer ...

So, maybe the original poster would like to re-pose the question.

(I personally dislike using AD for Unix user account details, as other
features of LDAP-aware Unix clients are not available when using AD)


Perhaps i should try to explain my situation a little bit better,

What i want to achive is corss-platform authentication between  windows/AD + workstations and linux (debian, centOS and redhat).
So i thought it would work to setup a OpenLDAP server on one of the boxes and clients on the other servers, and sync the OpenLDAP with my currently running Windows/AD, ive looked at various solutions on how to authenticate linux machines in Win/AD with winbind etc.

But i didnt really like that, considering i plan to run daemons/services that use ldap for authentication.

I hope i dont confuse things...
Bottom line is that i need a solution for cross platform authentication, so my users can authenticate to windows, to their linux shells and daemons running on the linux boxes (all using the same account information)

// Thanks for your help, Razi