On 15/09/2009 10:53, MMoj(a)timocom.com wrote:
I'm having a hard time. I should enable the sync of an AD (W2K3) and an
LDAP (CentOS 5.3) server based on the mentioned system. I really don't
know how to establish a sync of user accounts, groups, etc.
I have a test environment running with W2K3 AD and CentOS 5.3 LDAP with
Kerberos for SSO (Single-Sign-On), but the information is still located
in the AD, not in the LDAP, and I want to authenticate against the LDAP
server. I really don't know how to configure the AD / LDAP to sync, or to
replicate the AD into LDAP.
Can someone help me out with a good "How-To" or maybe some config files,

It sounds like you're facing several problems here:
1) How to sync user accounts and groups from AD to OpenLDAP
2) How to authenticate users
To address 1, you will need a tool that reads from AD, and writes to
OpenLDAP. Many people write their own scripts, although I recommend you
look at http://lsc-project.org
To address 2, you need to decide how you want authentication to work.
You could set up OpenLDAP to redirect BIND attempts to the AD, via LDAP
(using saslauthd and spasswd), keeping passwords in AD.
If you want to be able to authenticate on OpenLDAP without requiring
access to the AD servers, you'll want passwords in OpenLDAP too. It's
not generally possible to extract them from AD, so you'll need to set
new ones in OpenLDAP, and maybe sync them to your AD.
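
As an added illustration of the two points in the reply above (a sync that reads AD users and writes OpenLDAP entries, and BIND pass-through to AD instead of copying passwords), here is example code that is not part of this thread and is not LSC's code. It assumes an AD export in LDIF form (the sample below is constructed, not taken from a real domain), a target tree under dc=example,dc=com, and a SASL realm EXAMPLE.COM; all of those names are placeholders.

```python
# Added example for the thread above (not from the thread, not LSC's code):
# map AD user entries to OpenLDAP inetOrgPerson entries whose userPassword is a
# {SASL} pass-through marker. Placeholders: dc=example,dc=com, realm EXAMPLE.COM.
import base64
import re

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

# Constructed sample of an AD export (roughly what `ldapsearch -x -LLL ...
# '(objectClass=user)'` against a domain controller returns): a normal user,
# a disabled user, and a service account that has no sn or givenName.
AD_LDIF = """\
dn: CN=Alice Smith,OU=Staff,DC=example,DC=com
cn: Alice Smith
sAMAccountName: asmith
givenName: Alice
sn: Smith
mail: alice.smith@example.com
userAccountControl: 512

dn: CN=Bob Jones,OU=Staff,DC=example,DC=com
cn: Bob Jones
sAMAccountName: bjones
sn: Jones
userAccountControl: 514

dn: CN=svc backup,OU=Service,DC=example,DC=com
cn: svc backup
sAMAccountName: svc-backup
userAccountControl: 66048
"""


def parse_ldif(text):
    """Parse LDIF into a list of {attr (lowercased): [values]} dicts.
    Unfolds continuation lines and decodes 'attr:: <base64>' values."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text.strip())):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#") or attr.lower() == "version":
                continue
            if value.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def ad_to_openldap(ad, base_dn="dc=example,dc=com", realm="EXAMPLE.COM"):
    """Map one AD user to an inetOrgPerson entry, or None if it must be skipped.
    Password hashes cannot be read out of AD over LDAP, so userPassword gets a
    {SASL}user@realm marker: slapd hands the BIND to saslauthd, which verifies
    the password against AD, and no secret is ever stored in OpenLDAP."""
    def first(name, default=None):
        vals = ad.get(name.lower())
        return vals[0] if vals else default

    uid = first("sAMAccountName")
    if not uid or int(first("userAccountControl", "0")) & ACCOUNTDISABLE:
        return None  # no logon name, or disabled in AD: must not become a working login
    cn = first("cn", uid)
    entry = {
        "dn": f"uid={uid},ou=People,{base_dn}",
        "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
        "uid": [uid],
        "cn": [cn],
        "sn": [first("sn", cn)],  # sn is mandatory for person; fall back to cn
        "userPassword": [f"{{SASL}}{uid}@{realm}"],
    }
    for attr in ("givenName", "mail"):  # optional attributes, copied when present
        if ad.get(attr.lower()):
            entry[attr] = ad[attr.lower()]
    return entry


def ldif_value(attr, value):
    """One 'attr: value' line, base64-encoded where RFC 2849 requires it."""
    if (not value.isascii() or value[:1] in (" ", ":", "<")
            or any(c in value for c in "\r\n\x00") or value.endswith(" ")):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def to_ldif(entries):
    """Serialize entries for `ldapadd -x -D <admin dn> -W -f accounts.ldif`."""
    blocks = []
    for e in entries:
        lines = [ldif_value("dn", e["dn"])] + [
            ldif_value(a, v) for a, vals in e.items() if a != "dn" for v in vals]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def sync(ad_ldif_text, base_dn="dc=example,dc=com", realm="EXAMPLE.COM"):
    """Return (converted entries, skipped sAMAccountNames) for one AD export."""
    converted, skipped = [], []
    for ad in parse_ldif(ad_ldif_text):
        new = ad_to_openldap(ad, base_dn, realm)
        (converted if new else skipped).append(new or ad.get("samaccountname", ["?"])[0])
    return converted, skipped


if __name__ == "__main__":
    entries, skipped = sync(AD_LDIF)
    print(to_ldif(entries), "# skipped:", ", ".join(skipped))
```

The script only produces the directory entries; for the `{SASL}` values to work, slapd has to be built with `--enable-spasswd`, the Cyrus SASL config for slapd (the `slapd.conf` in the SASL plugin directory, /usr/lib64/sasl2 or /usr/lib/sasl2 on CentOS) needs `pwcheck_method: saslauthd`, and saslauthd has to run with `-a kerberos5` against the AD KDCs or `-a ldap` with an /etc/saslauthd.conf that points `ldap_servers` at the domain controllers. Disabled AD accounts are deliberately skipped rather than copied, so a disable in AD does not leave a working login in OpenLDAP; POSIX attributes (uidNumber, gidNumber, homeDirectory) are left out because plain AD has no values for them without an extended schema.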