tomghormley


Can I create a Linux LDAP server to coexist with my existing Active Directory network?

I want to run a Linux/PHP application that will help manage a document repository. To avoid separate user logons/passwords, I located one (DocMGR) that can authenticate via LDAP. The problem is that the LDAP criteria for this app do not meet the setup on our Active Directory. Furthermore, I'm not a domain admin, so I can't make changes to the existing configuration (not that I would want to anyway).

Can I set up a separate, Linux-based (OpenLDAP?) server to replicate the LDAP data and allow users to authenticate against IT instead of the Windows servers? After the initial installation, I would want this to update and replicate with the AD information without any further intervention on my part. Is this possible?
kamichie

Yes, this is possible, but you will have to have access to the original LDAP domain. The way LDAP authentication works is that when a user logs into the webpage, his credentials from the current domain logon are passed to the webpage. Basically, even if you create an exact replica of your AD users in the OpenLDAP Linux box, they will still have to pass their username and password because they did not log in to that domain. You are going to need your network admin to help you with this if you need LDAP authentication.
tomghormley

ASKER

Thanks for responding.  I don't mind getting the domain admin to help me on this.  The only reason I need a separate server is the PHP script I want to run requires the following:

"First, your ldap directory must use posixAccounts for the accounts you wish to allow access.  Second, your passwords must be encrypted with "{CRYPT}". Passwords using a different algorithm or in plaintext will not work. Accounts are stored using "uid=username,dc=domain,dc=com", which goes hand-in-hand with the posixAccount setup. If your ldap directory is not setup this way, ldap will not work."

Will I be able to set up the Linux LDAP server to meet these requirements, but then pass authentication on to the Windows server? Or would the Windows server have to be set up to use CRYPT and posix?
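
The three requirements quoted above (posixAccount, {CRYPT} passwords, uid=username,dc=... DNs), written as a check over an LDIF export. This is an added example, not part of the original thread or DocMGR's own code. The sample entries and function names are constructed for illustration, and folded (continuation) LDIF lines are not handled.

```python
import base64
import re

# Constructed sample (not from the page): one conforming entry, one AD-style entry.
SAMPLE_LDIF = """\
dn: uid=jdoe,dc=domain,dc=com
objectClass: posixAccount
uid: jdoe
userPassword:: e0NSWVBUfSQ2JHNhbHQkaGFzaA==

dn: CN=John Doe,CN=Users,DC=domain,DC=com
objectClass: user
sAMAccountName: jdoe
"""
# The DN shape the quoted text requires: uid=<name> directly under dc=... components.
DN_RE = re.compile(r"^uid=([^,=]+)(,dc=[^,=]+)+$", re.IGNORECASE)

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lowercased name -> list of values."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form, usual for userPassword
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        yield attrs.get("dn", [""])[0], attrs

def check_entry(dn, attrs):
    """Return the quoted requirements this entry fails (empty list = usable)."""
    problems = []
    if "posixaccount" not in {c.lower() for c in attrs.get("objectclass", [])}:
        problems.append("objectClass posixAccount missing")
    pw = attrs.get("userpassword", [])
    if not pw or not all(p.upper().startswith("{CRYPT}") for p in pw):
        problems.append("userPassword is not a {CRYPT} value")
    m = DN_RE.match(dn)
    if not m:
        problems.append("DN is not uid=<name>,dc=...")
    elif m.group(1) not in attrs.get("uid", []):
        problems.append("uid attribute does not match the DN")
    return problems

def audit(text):
    return {dn: check_entry(dn, attrs) for dn, attrs in parse_ldif(text)}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```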
ASKER CERTIFIED SOLUTION
kamichie
