Am 06.06.2014 20:54, schrieb Justin Stanczak:
May be you could achieve such with a realm trust between any> Is there a method of connecting Active Directory to use OpenLDAP as
> the authentication source. So pass through to OpenLDAP. Making
> OpenLDAP the primary system with all the passwords and usernames. I
> realize this might be more of a AD question, but the places I've
> looked seem to always make AD the primary. Then everyone else must
> proxy to AD. Thanks.
non-Windows Kerberos version 5 (V5) realm and an Active Directory domain
and use a Kerberos system that can be configured to use OpenLDAP as data
backend. But that is just a mere guess.
But what you also could do is provision AD from OpenLDAP. For the
password you would need to have the clear text stored in a reversible
encrypted way (we use X509 asymmetric encryption in our projects), or
create the AD hashes and store them in OpenLDAP, when a user changes her
password. Both is quite some work but doable and makes sense within a
broader identity management project.
What you also could do is get away with AD and use samba with OpenLDAP
backend instead ;-)
Just some thoughts, hoping it helps,
Peter