On W2K8 you have the Unix schema extensions for AD, and they work very well when using AD purely as an LDAP interface for RHEL. I think I'm referring to the NIS stuff you are, SNIS, but I don't actually know if that is what it's called. It was just there already on the servers I was recently looking at. It refers to NIS in the settings in AD, but I would only consider using it for LDAP, and ignore any actual NIS contexts.
You might have a little bit of fun mangling your ldap.conf (EL5) / nslcd.conf & pam_ldap.conf (EL6) to match the attribute names up, but there should be suitable defaults in the config files to get you most of the way, if not all. And once you've configured it once, it's so simple and transparent, it works great.
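An added example, not part of the original post: an EL6 `nslcd.conf` sketch showing the kind of attribute mapping described above, with the LDAP connection protected by TLS. Host names, DNs, the password and the CA path are constructed placeholders; it assumes the AD accounts carry the Unix attributes (`uidNumber`, `unixHomeDirectory`) from the schema extensions.

```conf
# /etc/nslcd.conf (EL6, nss-pam-ldapd)
# Constructed example: every host name, DN, password and path is a placeholder.
uri  ldap://dc01.example.com/
base dc=example,dc=com

# Dedicated low-privilege bind account, read access only (placeholder values).
# Keep this file owned by root with mode 0600 because it holds the password.
binddn cn=svc-nslcd,ou=ServiceAccounts,dc=example,dc=com
bindpw CHANGE_ME

# Encrypt the bind and the lookups, and refuse a DC whose certificate
# does not chain to the expected CA.
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/pki/tls/certs/ad-ca.pem

# Search settings that suit AD.
pagesize 1000
referrals off

# passwd: only user objects that have Unix attributes set.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid           sAMAccountName
map    passwd homeDirectory unixHomeDirectory
map    passwd gecos         displayName

# shadow: same object filter, AD attribute names.
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet

# group: AD groups that carry a gidNumber resolve as Unix groups.
filter group (objectClass=group)
```

After restarting `nslcd`, `getent passwd <user>` for an account with Unix attributes is a quick check that the mappings resolve.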