Can I create a Linux LDAP server to coexist with my existing Active Directory network?

Posted on 2006-03-30
Last Modified: 2012-05-05
I want to run a Linux/PHP application that will help manage a document repository. To avoid separate user logons/passwords, I located one (DocMGR) that can authenticate via LDAP. The problem is that the LDAP criteria for this app do not match the setup of our Active Directory. Furthermore, I'm not a domain admin so I can't make changes to the existing configuration (not that I would want to anyway).

Can I set up a separate, Linux-based (OpenLDAP?) server to replicate the LDAP data and allow users to authenticate against IT instead of the Windows servers? After the initial installation, I would want this to update and replicate with the AD information without any further intervention on my part. Is this possible?

Question by: tomghormley

LVL 4

Expert Comment

Yes this is possible, but you will have to have access to the original LDAP domain. The way LDAP authentication works is when a user logs into the webpage his credentials from the current domain logon are passed to the webpage. Basically even if you create an exact replica of your AD users in the OpenLDAP Linux box they will still have to pass their username and password because they did not log in to that domain. You are going to need your network admin to help you with this if you need LDAP authentication.

Author Comment

Thanks for responding. I don't mind getting the domain admin to help me on this. The only reason I need a separate server is the PHP script I want to run requires the following:

"First, your ldap directory must use posixAccounts for the accounts you wish to allow access. Second, your passwords must be encrypted with "{CRYPT}". Passwords using a different algorithm or in plaintext will not work. Accounts are stored using "uid=username,dc=domain,dc=com", which goes hand-in-hand with the posixAccount setup. If your ldap directory is not set up this way, ldap will not work."

Will I be able to set up the Linux LDAP server to meet these requirements, but then pass authentication on to the Windows server? Or, would the Windows server have to be set up to use CRYPT and posix?
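As an added illustration (not part of this thread, and not DocMGR's own code), the Python below shows what the quoted requirements amount to in practice: a posixAccount entry named uid=<user> under the base DN, with a hashed userPassword value, and the kind of check a requirement like this suggests the application performs, namely reading the stored hash and re-hashing the supplied password itself rather than asking the directory to perform a bind. That also explains why a directory which never returns password hashes over LDAP, as Active Directory does not, cannot satisfy such a requirement no matter how its entries are shaped. dc=example,dc=com, the user jdoe and the salts are constructed values; the {CRYPT} path uses Python's stdlib crypt module (deprecated in 3.11 and removed in 3.13), while the {SSHA} and {SHA} paths use only hashlib.

```python
import base64
import hashlib
import hmac
import os

BASE_DN = "dc=example,dc=com"  # constructed base DN, stands in for dc=domain,dc=com


def split_scheme(stored: str) -> tuple:
    """Split an LDAP userPassword value into (SCHEME, payload).

    '{CRYPT}$6$x$y' -> ('CRYPT', '$6$x$y'); a value with no {scheme} prefix
    is plaintext and comes back with an empty scheme.
    """
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        return stored[1:end].upper(), stored[end + 1:]
    return "", stored


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Salted SHA-1 in OpenLDAP's {SSHA} layout: base64(sha1(pw + salt) + salt)."""
    if not salt:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def crypt_hash(password: str) -> str:
    """{CRYPT} value via the platform crypt(3) (SHA-512 crypt, '$6$' prefix).

    Uses the stdlib crypt module, deprecated in 3.11 and removed in 3.13;
    on newer interpreters substitute passlib.hash.sha512_crypt.
    """
    import crypt
    return "{CRYPT}" + crypt.crypt(password, crypt.mksalt(crypt.METHOD_SHA512))


def verify_password(candidate: str, stored: str) -> bool:
    """Re-hash the candidate under the stored value's scheme and compare.

    This is the hash-comparison style of check the quoted requirement implies.
    Plaintext and unknown schemes are rejected, matching the statement that
    "plaintext will not work".
    """
    scheme, payload = split_scheme(stored)
    pw = candidate.encode("utf-8")
    if scheme == "CRYPT":
        import crypt
        rehashed = crypt.crypt(candidate, payload)  # payload carries method + salt
        return rehashed is not None and hmac.compare_digest(rehashed, payload)
    if scheme == "SSHA":
        raw = base64.b64decode(payload)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), base64.b64decode(payload))
    return False


def posix_account_ldif(uid: str, cn: str, uid_number: int, gid_number: int,
                       user_password: str) -> str:
    """Render the entry shape the application expects: uid=<user>,<base DN>
    carrying the posixAccount auxiliary class on top of the structural
    'account' class from OpenLDAP's cosine schema."""
    lines = [
        f"dn: uid={uid},{BASE_DN}",
        "objectClass: top",
        "objectClass: account",
        "objectClass: posixAccount",
        f"uid: {uid}",
        f"cn: {cn}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        f"homeDirectory: /home/{uid}",
        "loginShell: /bin/false",
        f"userPassword: {user_password}",
    ]
    return "\n".join(lines) + "\n"


def demo() -> dict:
    """Constructed sample user 'jdoe'; a fixed salt keeps the output reproducible."""
    stored = ssha_hash("correct horse battery", salt=bytes(range(1, 9)))
    return {
        "ldif": posix_account_ldif("jdoe", "Jane Doe", 10001, 10001, stored),
        "good": verify_password("correct horse battery", stored),
        "bad": verify_password("wrong password", stored),
        "plaintext_rejected": verify_password("secret", "secret"),
    }


if __name__ == "__main__":
    result = demo()
    print(result["ldif"])
    print("good:", result["good"], "bad:", result["bad"],
          "plaintext rejected:", not result["plaintext_rejected"])
```

Checking passwords this way only works if the directory's ACLs let the application's bind identity read userPassword, which is an exposure of hashes that an LDAP-bind check avoids; a bind-based check would also work against Active Directory directly, but the quoted requirements describe only the hash-based form.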
LVL 4

Accepted Solution

The only way to do that would be to replicate LDAP, but Microsoft's LDAP is proprietary so it's not going to happen. You either have to use OpenLDAP for all your users or find another solution.
It is possible to run OpenLDAP on a Windows box, but this kind of defeats the purpose, and I don't think your network admin wants to do all that. Maybe you could start a little mini revolution in the office, scrap that stupid windoze box and use all open source applications. It will save you a crap load of money in the end.

