On 06.06.2014 20:54, Justin Stanczak wrote:
Is there a method of connecting Active Directory to use OpenLDAP as the authentication source? So pass through to OpenLDAP. Making OpenLDAP the primary system with all the passwords and usernames. I realize this might be more of an AD question, but the places I've looked seem to always make AD the primary. Then everyone else must proxy to AD. Thanks.
Maybe you could achieve this with a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain and use a Kerberos system that can be configured to use OpenLDAP as data backend. But that is just a mere guess.
But what you also could do is provision AD from OpenLDAP. For the password you would need to have the clear text stored in a reversibly encrypted way (we use X509 asymmetric encryption in our projects), or create the AD hashes and store them in OpenLDAP when a user changes her password. Both are quite some work but doable and make sense within a broader identity management project.
What you also could do is get away with AD and use Samba with OpenLDAP backend instead ;-)
Just some thoughts, hoping it helps,
Peter