Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i am considering taking down my Small Business Server 2003 Active Directory and implementing directory based authentication using openLDAP. i am not really interested in other features of AD so i think i can 'afford' using openLDAP. my question is what exactly can i authenticate agains openLDAP? openRADIUS? Samba? Windows XP? Windows 2000/2003 server? also i interested if someone has made this switch and can share their experiences. what were the benefits/drawbacks? right now i am runnning an all-windows shop but i am considering moving several parts of it to open source because of the applications i need. any input appreciated...
We did not switch from AD to LDAP, but started with LDAP from the beginning. We use samba + LDAP + freeradius for all of our authentication needs. LDAP is the backend, and samba and freeradius can hook right into it. Samba is setup as a domain controller so all of our windows clients can authenticate against it. Using pam, linux clients can also authenticate via LDAP. Apache authentication (.htaccess) is done using mod_auth_ldap. WPA enabled wireless clients (win & linux) authenticate using PEAP via freeradius. We used to have a Linux based l2tp/ipsec vpn that used freeradius, however I recently swapped that out with openVPN (which also uses freeradius). Our mail is handled by a 3rd party, however I have been looking into a postfix/courier-pop solution that can use ldap as a backend. We also run various webapps (bugzilla, dotproject, etc...) that use ldap as a backend.
thanks for the reply. isn't there a way to authenticate windows machines (windows xp and windows 2003 servers) against openLDAP without samba? also, how did you like dotProject? we use SharePoint right now but i would love to change that.
Using pgina you can authenticate windows systems directly via ldap or radius. As for dotproject, I can only comment on the setup and administraton aspect. I did the install about 3 weeks ago and haven't had any issues so far. The install was a piece of cake and I haven't had any user complaints/issues yet.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.