Hi - I have installed Active Directory authentication for Windows servers and users, and LDAP for Linux servers. Now I am planning to use a single sign-on system for Windows and Linux. How can I sync these two directories?
I would appreciate your advice!
Thanks, PB
Paul bob <uask2009@gmail.com> writes:
> Hi - I have installed Active Directory authentication for Windows servers and users, and LDAP for Linux servers. Now I am planning to use a single sign-on system for Windows and Linux. How can I sync these two directories?
> I would appreciate your advice!
Just ask Microsoft to implement RFC 4533 :-)
To be serious, there are a few methods to get this done. The question is whether you want to synchronise OpenLDAP --> Active Directory, or vice versa. To synchronise OpenLDAP --> AD I shamelessly use slurpd, but have written a Perl script (stolen from Kolab) that reads the slurpd logfiles, modifies the attributes and adds entries to AD.
-Dieter
Paul,
On Tue, Feb 03, 2009 at 01:37:26PM -0500, Paul bob wrote:
> Hi - I have installed Active Directory authentication for Windows servers and users, and LDAP for Linux servers. Now I am planning to use a single sign-on system for Windows and Linux. How can I sync these two directories?
If you're thinking about replicating Active Directory user accounts on your LDAP server and using those accounts for authenticating users on Linux systems, the task is non-trivial. First of all, AD uses different object classes to represent accounts than Linux systems connected to an LDAP directory do. Second, different mechanisms (including encryption types) are used to authenticate users. Directory replication (by means of plain LDAP) will not give you enough data to perform real single sign-on.
cheers,
openldap-technical@openldap.org
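
The object class mismatch described in the last reply, as an added example that is not code from the thread or from any participant: it maps a constructed AD `user` entry to an RFC 2307 `posixAccount` entry and reports which attributes had to be invented and which cannot be filled from a plain LDAP read. The helper names, the RID-based `uidNumber` scheme, the offset, default GID, home directory pattern and base DN are all assumptions.

```python
# Constructed AD search result. unicodePwd is write-only in AD, so a search
# never returns a password value that could be copied to userPassword.
SAMPLE_AD_USER = {
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "cn": ["Paul Example"],
    "sAMAccountName": ["pexample"],
    "objectSid": ["S-1-5-21-1111111111-2222222222-3333333333-1104"],
}

def first(entry, name):
    """Return the first value of an attribute, or None if it is absent."""
    values = entry.get(name) or [None]
    return values[0]

def ad_to_posix(entry, base_dn, uid_offset=100000, default_gid=100):
    """Map one AD user to posixAccount; return (entry, synthesized, unavailable)."""
    login, sid = first(entry, "sAMAccountName"), first(entry, "objectSid")
    if login is None or sid is None:
        raise ValueError("need sAMAccountName and objectSid")
    rid = int(sid.rsplit("-", 1)[1])  # last SID component, unique per domain
    # posixAccount MUST attributes beyond cn and uid. The fallback values are
    # assumptions (local policy); this sample entry carries none of them.
    fallback = {
        "uidNumber": str(uid_offset + rid),
        "gidNumber": str(default_gid),
        "homeDirectory": "/home/" + login,
    }
    posix = {"dn": f"uid={login},{base_dn}",
             "objectClass": ["account", "posixAccount"],
             "uid": [login], "cn": [first(entry, "cn") or login]}
    synthesized = []
    for attr, value in fallback.items():
        if first(entry, attr) is None:
            synthesized.append(attr)  # nothing in AD to copy, value is invented
        posix[attr] = [first(entry, attr) or value]
    unavailable = [] if first(entry, "userPassword") else ["userPassword"]
    return posix, synthesized, unavailable

def to_ldif(entry):
    """Render the entry as LDIF (plain ASCII values assumed, no base64)."""
    lines = [f"dn: {entry['dn']}"]
    for attr, values in entry.items():
        if attr != "dn":
            lines += [f"{attr}: {v}" for v in values]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    posix, made_up, missing = ad_to_posix(SAMPLE_AD_USER, "ou=People,dc=example,dc=com")
    print(to_ldif(posix))
    print("synthesized:", made_up, "unavailable:", missing)
```

The resulting entry has no `userPassword`, so a Linux client binding against the replica has nothing to verify a password with, which is the gap the reply points out.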