
Can I create a Linux LDAP server to coexist with my existing Active Directory network?

tomghormley asked
Last Modified: 2012-05-05
I want to run a Linux/PHP application that will help manage a document repository.  To avoid separate user logons/passwords, I located one (DocMGR) that can authenticate via LDAP.  The problem is that the LDAP criteria for this app does not meet the setup on our Active Directory.  Furthermore, I'm not a domain admin so I can't make changes to the existing configuration (not that I would want to anyway).

Can I set up a separate, Linux-based (OpenLDAP?) server to replicate the LDAP data and allow users to authenticate against IT instead of the Windows servers?  After the initial installation, I would want this to update and replicate with the AD information without any further intervention on my part.  Is this possible?

Yes, this is possible, but you will have to have access to the original LDAP domain. The way LDAP authentication works is that when a user logs into the webpage, his credentials from the current domain logon are passed to the webpage. Basically, even if you create an exact replica of your AD users in the OpenLDAP Linux box, they will still have to pass their username and password because they did not log in to that domain. You are going to need your network admin to help you with this if you need LDAP authentication.


Thanks for responding.  I don't mind getting the domain admin to help me on this.  The only reason I need a separate server is the PHP script I want to run requires the following:

"First, your ldap directory must use posixAccounts for the accounts you wish to allow access.  Second, your passwords must be encrypted with "{CRYPT}". Passwords using a different algorithm or in plaintext will not work. Accounts are stored using "uid=username,dc=domain,dc=com", which goes hand-in-hand with the posixAccount setup. If your ldap directory is not setup this way, ldap will not work."

Will I be able to setup the Linux LDAP server to meet these requirements, but then pass authentication on to the Windows server?  Or, would the Windows server have to be setup to use CRYPT and posix?
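The three requirements quoted above (posixAccount object class, a `uid=username,dc=domain,dc=com` DN, and a `{CRYPT}` password) can be checked mechanically against an LDIF export of whichever directory is being considered. The script below is an added example, not code from the original thread or from DocMGR; the sample LDIF, the hash bodies in it, and the problem codes it reports are constructed placeholders for illustration.

```python
"""Audit LDIF entries against DocMGR's stated LDAP requirements (added example)."""
import base64
import re

# Constructed sample export (not from the original post): one compliant entry and
# three typical ways a directory fails the requirements. Hash bodies are placeholders.
SAMPLE_LDIF = """\
# entry that satisfies all three requirements
dn: uid=jsmith,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
uid: jsmith
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jsmith
userPassword: {CRYPT}$6$rounds=5000$Wb7ZqkQ3$placeholderhashvalue
 notreal

# Active Directory style entry: CN-based DN, no posixAccount, no readable password
dn: CN=Jane Doe,CN=Users,DC=corp,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: user
sAMAccountName: jdoe
userPrincipalName: jdoe@corp.example.com

# OpenLDAP entry with the right shape but a salted-SHA password
dn: uid=bob,dc=example,dc=com
objectClass: posixAccount
uid: bob
userPassword: {SSHA}placeholder

# clear-text password (base64 in LDIF) and no posixAccount
dn: uid=alice,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
userPassword:: c2VjcmV0
"""

ATTR_LINE = re.compile(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$")
# DN must be exactly uid=<user> followed by one or more dc= components
DN_PATTERN = re.compile(r"^uid=([^,]+)(,dc=[^,]+)+$", re.IGNORECASE)


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated records, '#' comments,
    folded continuation lines (leading space) and '::' base64 values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]  # unfold continuation line
            else:
                lines.append(raw)
        entry = {"dn": None, "attrs": {}}
        for line in lines:
            m = ATTR_LINE.match(line)
            if not m:
                continue
            name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            if name == "dn":
                entry["dn"] = value
            else:
                entry["attrs"].setdefault(name, []).append(value)
        if entry["dn"] is not None:
            entries.append(entry)
    return entries


def check_entry(entry):
    """Return the list of requirement violations for one entry (empty = usable)."""
    problems = []
    attrs = entry["attrs"]
    m = DN_PATTERN.match(entry["dn"])
    if not m:
        problems.append("dn-format")  # not uid=<user>,dc=...,dc=...
    elif m.group(1).lower() not in [v.lower() for v in attrs.get("uid", [])]:
        problems.append("uid-mismatch")  # RDN value must also be the uid attribute
    classes = {v.lower() for v in attrs.get("objectclass", [])}
    if "posixaccount" not in classes:
        problems.append("no-posixAccount")
    pw = attrs.get("userpassword")
    if not pw:
        problems.append("no-userPassword")  # AD does not expose hashes over LDAP
    else:
        scheme = re.match(r"\{([^}]+)\}", pw[0])
        if scheme is None:
            problems.append("plaintext")
        elif scheme.group(1).upper() != "CRYPT":
            problems.append("not-crypt")  # e.g. {SSHA}, {MD5}: DocMGR rejects these
    return problems


def audit(text):
    """Map each DN in an LDIF dump to its list of problems."""
    return {e["dn"]: check_entry(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        print(f"{dn}: {'OK' if not problems else ', '.join(problems)}")
```

Run it against `ldapsearch -LLL ... > dump.ldif` output from the candidate directory; an AD export will normally report all three codes for every user, which is the concrete reason the application cannot bind against AD as-is.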
The only way to do that would be to replicate LDAP, but Microsoft's LDAP is proprietary, so it's not going to happen. You either have to use OpenLDAP for all your users or find another solution.
It is possible to run OpenLDAP on a Windows box, but this kind of defeats the purpose, and I don't think your network admin wants to do all that. Maybe you could start a little mini revolution in the office, scrap that stupid windoze box and use all open source applications. It will save you a crap load of money in the end.
