On Feb 11, 2008 2:28 PM, Razi Garbie <boneybastard(a)gmail.com> wrote:
I've spent countless of hours trying to figure out how to sync openLDAP with
my currently running windows/active directory, however.. i cant find any
information on how this is done.
Im currently running windows/AD which authenticates ~20users all windows
boxes (obviously), however.. all windows users have accounts on the linux
machines i run and that makes administrative tasks a bit messy, hence i have
to make account changes on two different domains.
The ideal setup is to setup setup a OpenLDAP server that is synced with
windows active directory, so that my users can authenticate against the
linux domain using their windows passwords.
Yes it can be done, in my setup a user
can login to linux machine ,
this user does not exists on linux, beside it exists on windows active
I am getting these results.
suppose I have a user , say "bharat",
user bharat exists on windows active directory and on linux machine it
does not exists.
Now with few configurations user bharat can login to linux box though
it does not exists on linux.
Linux is getting authentication from windows active directory.
a.) I don't have to create a user account on linux machine.
b). My users on active directory can login to linux machine with same
passwords assigned on windows ad.
c). User can change their password from linux shell (still testing the
exact thing which I am getting), but it is confirmed that after
changing password from linux shell I have new password working, will
let you more.
I tried this thing.
1.) On windows first installed AD, then SFU (service for unix) which
gives a unix attribute setting to active directory user properties.
2.) Added a user on active directory.
3.) changed /etc/ldap.conf so that it can bind linux machine with AD.
4.) changed /etc/nsswitch.conf to have ldap authentication
5.) changed pam configuration
6.)authconfig settings to have ldap
I am still working on this thing, exact procedure which i followed I
am documenting it. e.g. file changes,
in the mean time you can visit the following page. it is among many
other pages which I followed.
I used RHEL5 and windows AD , working on RHEL4 to reproduce the results.
what os are you using?
(linux machines/-ldap clients) - > OpenLDAP <--SYNC --> Win/AD <- (windows
Thats how i imagine the setup will look like.
Has anyone ever done this?
Any help is greatly appreciated!
// Thanks, boney