Can I create a Linux LDAP server to coexist with my existing Active Directory network?

I want to run a Linux/PHP application that will help manage a document repository.  To avoid separate user logons/passwords, I located one (DocMGR) that can authenticate via LDAP.  The problem is that the LDAP criteria for this app does not meet the setup on our Active Directory.  Furthermore, I'm not a domain admin so I can't make changes to the existing configuration (not that I would want to anyway).

Can I set up a separate, Linux-based (openLDAP?) server to replicate the LDAP data and allow users to authenticate against IT instead of the Windows servers?  After the initial installation, I would want this to update and replicate with the AD information without any further intervention on my part.  Is this possible?
tomghormley asked:
kamichie commented:
Yes this is possible, but you will have to have access to the original LDAP domain. The way LDAP authentication works is when a user logs into the webpage his credentials from the current domain logon are passed to the webpage. Basically even if you create an exact replica of your AD users in the OpenLDAP linux box they will still have to pass their username and password because they did not login to that domain. You are going to need your network admin to help you with this if you need LDAP authentication.
tomghormley (author) commented:
Thanks for responding.  I don't mind getting the domain admin to help me on this.  The only reason I need a separate server is the PHP script I want to run requires the following:

"First, your ldap directory must use posixAccounts for the accounts you wish to allow access.  Second, your passwords must be encrypted with "{CRYPT}". Passwords using a different algorithm or in plaintext will not work. Accounts are stored using "uid=username,dc=domain,dc=com", which goes hand-in-hand with the posixAccount setup. If your ldap directory is not setup this way, ldap will not work."

Will I be able to set up the Linux LDAP server to meet these requirements, but then pass authentication on to the Windows server?  Or, would the Windows server have to be set up to use CRYPT and posix?
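The three requirements quoted above (posixAccount entries, {CRYPT} password hashes, and DNs of the form uid=username,dc=domain,dc=com) can be checked against a directory export before the PHP application is pointed at it. The following is an added example, not code from the thread or from DocMGR: it parses a constructed LDIF fragment (the example.com entries and the hash values are placeholders, not real credentials) and reports, per entry, which of the stated rules it fails. Actual password verification against a {CRYPT} value is done by the directory server with crypt(3) at bind time and is deliberately not reimplemented here.

```python
import re

# Constructed sample LDIF (not from the original thread). The domain,
# account names and hash strings are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice
cn: Alice Example
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
userPassword: {CRYPT}$6$placeholdersalt$PLACEHOLDERHASHVALUE

dn: uid=bob,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
userPassword: {SSHA}PLACEHOLDERBASE64

dn: cn=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: carol
cn: carol
uidNumber: 10003
gidNumber: 10003
homeDirectory: /home/carol
userPassword: plaintextsecret
"""

# The DN shape the application insists on: uid=<name> followed only by dc= components.
DN_PATTERN = re.compile(r"^uid=([^,]+)(,dc=[^,]+)+$")


def parse_ldif(text):
    """Parse a minimal LDIF: entries separated by blank lines, 'attr: value' lines.
    Multi-valued attributes (e.g. objectClass) become lists. Line continuations
    and base64 ('::') values are not handled; the constructed sample has none."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_entry(entry):
    """Return the list of stated DocMGR rules this entry violates (empty = OK)."""
    problems = []
    dn = entry.get("dn", [""])[0]
    m = DN_PATTERN.match(dn)
    if not m:
        problems.append("dn is not of the form uid=username,dc=domain,dc=com")
    elif m.group(1) not in entry.get("uid", []):
        problems.append("uid in dn does not match the uid attribute")
    if "posixAccount" not in entry.get("objectClass", []):
        problems.append("objectClass posixAccount missing")
    pw = entry.get("userPassword", [""])[0]
    # Scheme prefixes such as {CRYPT} or {SSHA} are case-insensitive in LDAP servers.
    if not pw.upper().startswith("{CRYPT}"):
        scheme = pw[: pw.index("}") + 1] if pw.startswith("{") and "}" in pw else "plaintext"
        problems.append(f"userPassword scheme is {scheme}, not {{CRYPT}}")
    return problems


def check_directory(text):
    """Map each entry's DN to its list of problems."""
    return {e.get("dn", ["?"])[0]: check_entry(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, problems in check_directory(SAMPLE_LDIF).items():
        print(dn, "->", "OK" if not problems else "; ".join(problems))
```

Run against a real export (for example the output of ldapsearch in LDIF form) the same function flags entries that would silently fail to log in. Note that an entry stored under a different scheme, such as {SSHA}, cannot be converted to {CRYPT} without the user's plaintext password, since only the hash is stored; the hash scheme has to be chosen when the account is created or the password next changes.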
kamichie commented:
The only way to do that would be to replicate LDAP, but Microsoft's LDAP is proprietary so it's not going to happen. You either have to use OpenLDAP for all your users or find another solution.
It is possible to run OpenLDAP on a windows box, but this kind of defeats the purpose, and I don't think your network admin wants to do all that. Maybe you could start a little mini revolution in the office, scrap that stupid windoze box and use all open source applications. It will save you a crap load of money in the end.

Question has a verified solution.