
Felipe 04-01-2008 06:59 AM

Extend Active Directory with OpenLdap
I'm trying to extend Active Directory (ADS) with OpenLdap.

I can access ADS for searching, but not to modify it. So I'm trying to configure OpenLdap to extend the information in ADS.
Ex: Create new groups in OpenLDAP with users of ADS.

1- Is it possible? Any reference/documentation about it?

2- Is it possible for clients to connect to OpenLDAP and, for information not found in OpenLDAP, to have the server search for it in DAS?


acid_kewpie 04-01-2008 07:49 AM

nope. why would you want to do that?? you can extend AD with AD schemas and you could arbitrarily add information in which you could refer to other groups, but it'd be your call to use that information.

Felipe 04-01-2008 07:56 AM

I can't modify ADS. I'm only a DAS user (I can't administer it).

acid_kewpie 04-01-2008 08:11 AM

well TBH then it would seem that it's not your place to want to mess about with it... what do you really want to achieve??

Felipe 04-03-2008 02:59 AM

Thanks for your reply.

My English isn't very good, but I'll try.

My company uses DAS (Active Directory) as the repository for all user accounts. I'm the manager for some applications. The ADS contains a lot of information, but not all I need. I access it with the ldapsearch command, but can't modify it (or I can modify only a few objects).
So what I'm trying to do is extend the LDAP with another LDAP (if possible, OpenLdap). Ex: I want to create groups in my LDAP (OpenLdap) with users of DAS.
What I want is to query OpenLDAP. If the information is stored there (OpenLDAP), it returns the information to me directly. If the information is stored in ADS, it queries the ADS and returns the information to me.

I'm trying with referrals, but I'm not sure if it's possible.

Also, I'd like to use the login/password of the DAS to connect to OpenLDAP (I suppose it's possible with Kerberos, isn't it?).



Felipe 04-04-2008 03:24 AM

Does anyone know if it's possible to use these objects to get it? How can it be possible?



acid_kewpie 04-04-2008 03:28 AM

you would need to query the AD with your take, take out what you need and then in isolation go query your openldap server totally separately.
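
The client-side approach described in the last reply, as an added example that is not part of the original thread: parse the LDIF from two separate `ldapsearch` runs and join the group members stored in OpenLDAP against the entries read from AD by DN. The LDIF samples, all DNs and the function names are constructed for illustration; members that AD does not return are reported rather than resolved.

```python
import base64

# Constructed `ldapsearch -LLL` output from OpenLDAP: a group of AD user DNs.
OPENLDAP_LDIF = """\
dn: cn=app-admins,ou=groups,dc=apps,dc=example
cn: app-admins
member: CN=Alice Smith,OU=Staff,DC=corp,DC=example
member: cn=bob jones,ou=staff,dc=corp,
 dc=example
member: CN=Carol Gone,OU=Staff,DC=corp,DC=example
"""
# Constructed `ldapsearch -LLL` output from the read-only AD account.
AD_LDIF = """\
dn: CN=Alice Smith,OU=Staff,DC=corp,DC=example
sAMAccountName: asmith
displayName:: QWxpY2U=

dn: CN=Bob Jones,OU=Staff,DC=corp,DC=example
sAMAccountName: bjones
"""

def norm_dn(dn):
    # Simplified DN normalization: case-insensitive, no spaces around commas.
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Parse `ldapsearch -LLL` LDIF into {normalized_dn: {attr: [values]}}."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split entries
        entry = {}
        for line in filter(None, block.splitlines()):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries[norm_dn(entry["dn"][0])] = entry
    return entries

def resolve_group(openldap_ldif, ad_ldif, group_cn, attr="samaccountname"):
    """Join group members stored in OpenLDAP against entries read from AD."""
    ad, resolved, unresolved = parse_ldif(ad_ldif), [], []
    groups = [e for e in parse_ldif(openldap_ldif).values() if group_cn in e.get("cn", [])]
    for member in (m for g in groups for m in g.get("member", [])):
        hit = ad.get(norm_dn(member), {})
        if hit.get(attr):
            resolved.append(hit[attr][0])
        else:
            unresolved.append(member)  # not in the AD result: report, never grant
    return resolved, unresolved
```

An application that authorizes on such a group should treat the unresolved list as stale entries to clean up in OpenLDAP, since AD remains the source of truth for whether an account exists.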
