On 15/02/11 20:52 +, Ari Constancio wrote:
>Hi,
>
>We're about to introduce Active Directory in an environment based on
>LDAP (OpenLDAP) for accounts. Password synchronization should be
>bidirectional if possible.
>I'd like to hear any advice on how folks are integrating AD and LDAP servers.
>
One thing you can do is just use pam_krb5 to do Kerberos auth against AD
(probably cross-realm with Unix host principals in an MIT server and user
princs in AD).
That will handle authentication and give you something like single sign-on
and leverage AD for password rotation, etc. then you can
On 02/15/2011 03:52 PM, Ari Constancio wrote:
> Hi,
>
> We're about to introduce Active Directory in an environment based on
> LDAP (OpenLDAP) for accounts. Password synchronization should be
> bidirectional if possible.
> I'd like to hear any advice on how folks are integrating AD and LDAP server
pGina might be worth a look, if you're tolerant of Open Source
software in your setup. It's kind of an end-run around the issue: it
replaces (or forms part of the chain) the built-in authentication
mechanism in Windows with a plug-in based system. One such plugin is
for LDAP authentication. Thin
On Tue, 15 Feb 2011, Ari Constancio wrote:
> We're about to introduce Active Directory in an environment based on
> LDAP (OpenLDAP) for accounts. Password synchronization should be
> bidirectional if possible.
> I'd like to hear any advice on how folks are integrating AD and LDAP servers.
We are
Hi,
We're about to introduce Active Directory in an environment based on
LDAP (OpenLDAP) for accounts. Password synchronization should be
bidirectional if possible.
I'd like to hear any advice on how folks are integrating AD and LDAP servers.
Regards,
Ari Constancio