The data between the two would be different, and I don't think a gateway would be too difficult. My main concern is the passwords. I don't know how to update AD or make AD use LDAP for authentication. Peter's Kerberos suggestion seems like a good option. I don't really care if AD and OpenLDAP know about each other or not. I don't really want to do a mass password reset to sync.


On Fri, Jun 6, 2014 at 4:02 PM, Tobias Crefeld <tclx@klekih-petra.de> wrote:
On Fri, 6 Jun 2014 14:54:15 -0400, Justin Stanczak
<rizenine@gmail.com> wrote:

> Is there a method of connecting Active Directory to use OpenLDAP as
> the authentication source, i.e. pass through to OpenLDAP, making
> OpenLDAP the primary system with all the passwords and usernames?

AD is more or less another LDAP service, so I gather that you are
looking for a way to replicate the whole tree, or a part of it, from
OpenLDAP to Active Directory.

I have never seen that live, but I could imagine that the main problem
is that you are using a different schema for user management of your
applications on OpenLDAP than MS systems expect from their AD. So
you might need a kind of gateway for this replication, if you don't want
to align your software to the MS schema.
And this must work bidirectionally, because MS admins probably still want
to use their GUI tools for administration.

--
Regards,
 Tobias.

 no email, only xmpp: crefeld@xabber.de
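As an added illustration of the schema-mapping "gateway" Tobias describes, and of why the password concern in the reply does not go away with replication: the script below is example code written for this thread, not code from any of the messages. It converts OpenLDAP inetOrgPerson/posixAccount entries into the attributes an Active Directory user object expects, in one direction only (OpenLDAP to AD). The target container OU=Users,DC=example,DC=org, the UPN suffix example.org, and the SAMPLE_LDIF entries are assumptions and constructed data.

```python
"""One-way schema-mapping gateway: OpenLDAP inetOrgPerson/posixAccount -> AD user.
Added illustration for this thread, not code from any of the messages. The
target container, UPN suffix and SAMPLE_LDIF are assumptions/constructed data."""
import base64
import re

# Constructed export of an OpenLDAP people OU (made-up data; the userPassword
# value is a base64 placeholder, not a real SSHA hash).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe
cn: Jane Doe
givenName: Jane
sn: Doe
mail: jdoe@example.org
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
userPassword: {SSHA}bm90LWEtcmVhbC1oYXNo

dn: uid=averylongusernameindeed,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: averylongusernameindeed
cn: Avery Long
sn: Long
uidNumber: 10002
gidNumber: 10001
homeDirectory: /home/averylongusernameindeed
"""

SAM_MAX = 20  # AD rejects sAMAccountName values longer than 20 characters
# OpenLDAP attribute -> AD attribute (the RFC 2307 names exist in the AD schema)
ATTR_MAP = {"givenName": "givenName", "sn": "sn", "mail": "mail",
            "uidNumber": "uidNumber", "gidNumber": "gidNumber",
            "homeDirectory": "unixHomeDirectory", "loginShell": "loginShell"}

def parse_ldif(text):
    """Minimal LDIF reader: list of {attr: [values]}; handles '::' base64
    values and leading-space continuation lines, skips comment lines."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # continuation of previous line
        elif raw == "":
            if lines:
                entries.append(_lines_to_entry(lines))
                lines = []
        elif not raw.startswith("#"):
            lines.append(raw)
    return entries

def _lines_to_entry(lines):
    entry = {}
    for line in lines:
        m = re.match(r"^([A-Za-z][\w.;-]*)(::?) ?(.*)$", line)
        if not m:
            raise ValueError("bad LDIF line: %r" % line)
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        entry.setdefault(attr, []).append(value)
    return entry

def escape_rdn(value):
    """RFC 4514 escaping so a cn like 'Doe, Jane' survives inside the new DN."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def to_ad_entry(entry, ad_base="OU=Users,DC=example,DC=org", upn_suffix="example.org"):
    """Map one OpenLDAP entry to an AD 'user' object: returns (dn, attrs, warnings).
    Whatever cannot be carried across is reported, never silently dropped."""
    uid, cn = entry.get("uid", [None])[0], entry.get("cn", [None])[0]
    if uid is None or cn is None:
        raise ValueError("entry %s lacks uid or cn" % entry.get("dn"))
    warnings, sam = [], uid
    if len(sam) > SAM_MAX:
        sam = sam[:SAM_MAX]
        warnings.append("sAMAccountName truncated to %r" % sam)
    attrs = {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "cn": [cn],
        "sAMAccountName": [sam],
        "userPrincipalName": ["%s@%s" % (uid, upn_suffix)],
        # 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE: created disabled, because no
        # usable password comes across with the entry (see below).
        "userAccountControl": ["514"],
    }
    for src, dst in ATTR_MAP.items():
        if src in entry:
            attrs[dst] = list(entry[src])
    if "userPassword" in entry:
        # OpenLDAP holds a hash ({SSHA} etc.); AD's unicodePwd can only be set
        # from the clear-text password over LDAPS, so the hash is useless to AD.
        warnings.append("userPassword hash cannot become unicodePwd; "
                        "set an AD password out of band")
    return "CN=%s,%s" % (escape_rdn(cn), ad_base), attrs, warnings

def render_ldif(dn, attrs):
    """Emit an AD-side add record (base64 for anything non-ASCII)."""
    lines = ["dn: " + dn, "changetype: add"]
    for attr, values in attrs.items():
        for v in values:
            lines.append("%s: %s" % (attr, v) if v.isascii() else
                         "%s:: %s" % (attr, base64.b64encode(v.encode()).decode()))
    return "\n".join(lines) + "\n"

def convert(text, **kw):
    """Gateway driver: OpenLDAP LDIF in, list of (dn, attrs) plus warnings out."""
    results, warnings = [], []
    for e in parse_ldif(text):
        dn, attrs, w = to_ad_entry(e, **kw)
        results.append((dn, attrs))
        warnings.extend("%s: %s" % (e["dn"][0], msg) for msg in w)
    return results, warnings

if __name__ == "__main__":
    out, warns = convert(SAMPLE_LDIF)
    for dn, attrs in out:
        print(render_ldif(dn, attrs))
    for w in warns:
        print("# WARNING:", w)
```

Two things the output makes concrete: the attribute names and DN layout can be translated mechanically, but the userPassword hash cannot, which is why the converted accounts are created disabled and the user has to receive a new AD password (or AD has to trust another authentication source such as Kerberos). The reverse direction, AD changes flowing back to OpenLDAP so the GUI tools stay usable, would be a second mapping of the same shape and is not shown here.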