LinuxQuestions.org


Felipe 08-15-2012 07:29 PM

Chaining Openldap to Active Directory
 
Hello:

I'm using Openldap. But I want to chain some searches to Active Directory.
Example:
Quote:

- domain.com --> Entities stored in Openldap.
- ad.red --> Entities stored in Active Directory.
What I try is to use openldap as a front-end that solves queries of domain.com and ad.red (chaining).
- Can anyone tell me how openldap can be configured for this (don't need secure connections with ldaps).
And a second question:
- Can anyone tell me how to pass authentication from openldap to Active Directory using users/password and/or kerberos?

Thanks

ferricoxide 08-15-2012 08:21 PM

Quote:

Originally Posted by Felipe (Post 4755055)
Hello:

I'm using Openldap. But I want to chain some searches to Active Directory.
Example:


What I try is to use openldap as a front-end that solves queries of domain.com and ad.red (chaining).
- Can anyone tell me how openldap can be configured for this (don't need secure connections with ldaps).
And a second question:
- Can anyone tell me how to pass authentication from openldap to Active Directory using users/password and/or kerberos?

Thanks

Not exactly sure what you're referring to by "chaining".

At any rate, Active Directory is an LDAP system (granted, it also has Kerberos extensions to it, but still...). As such, you can query AD with the standard LDAP tools so long as you have an account in the directory to proxy your requests with. So, treat it like any other LDAP source - use the normal extensions to OpenLDAP that you would for any multi-source query system.

You'd probably want to look at OpenLDAP's "meta" backend for linking multiple LDAP sources into a common query-space.
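
The proxy arrangement discussed in this thread, as an added slapd.conf example that is not part of either poster's configuration. It uses OpenLDAP's back-ldap proxy backend (one remote server per suffix) rather than the meta backend named above; the hostname, DNs, directory path and credential are constructed placeholders.

```conf
# slapd.conf fragment for OpenLDAP 2.4 (added example, not from the thread).
# Hostname, DNs, paths and the password are constructed placeholders.

moduleload  back_ldap

# --- Local tree: answered from OpenLDAP's own store --------------------
database    hdb
suffix      "dc=domain,dc=com"
directory   /var/lib/ldap
rootdn      "cn=admin,dc=domain,dc=com"

# --- AD tree: operations under this suffix are forwarded to AD ---------
database    ldap
suffix      "dc=ad,dc=red"
uri         "ldap://dc1.ad.red/"

# The proxy must never write to AD, and must not follow referrals that
# AD hands back to other servers.
readonly        on
chase-referrals no

# Client simple binds with a DN under dc=ad,dc=red are passed through to
# AD, so AD itself checks the user's password. Remember the credentials
# so a dropped connection is re-bound as the same user.
rebind-as-user  yes

# AD refuses anonymous searches by default. Searches from clients that
# authenticated against the local tree are sent to AD as this service
# account. mode=none: no proxyAuthz control is sent, the binddn identity
# is used as-is. Give the account read-only rights in AD.
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,cn=Users,dc=ad,dc=red"
                credentials="REPLACE_WITH_SERVICE_PASSWORD"
                mode=none

# Only identities from the local tree may use the service account;
# anonymous clients get nothing from AD.
idassert-authzFrom "dn.subtree:dc=domain,dc=com"

# With ldap:// and bindmethod=simple, user and service passwords cross
# the network in clear text. Once the DC has a certificate, enable:
# tls start
```

Because the file holds the service account's password, it should be readable only by the user slapd runs as.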

Felipe 08-16-2012 05:44 PM

Thanks for the reply:

When I talk about chaining, I mean: http://www.openldap.org/doc/admin24/....html#Chaining.

But there it talks about configuring a slave ldap, and I think that it can be done by configuring the master to send requests to slaves (I can't modify the Active Directory configuration).
I'm trying to configure openldap to work as a proxy for different ldaps, including Active Directory. All requests are received by openldap, which has the data or knows where the data is stored, asks for it and sends it to the client.

I've found different pages talking about it, but I've not been able to make it work. So I'd like to know if someone has been able to do it and how.

Thanks again

