
Can I create a Linux LDAP server to coexist with my existing Active Directory network?

I want to run a Linux/PHP application that will help manage a document repository.  To avoid separate user logons/passwords, I located one (DocMGR) that can authenticate via LDAP.  The problem is that the LDAP criteria for this app does not meet the setup on our Active Directory.  Furthermore, I'm not a domain admin so I can't make changes to the existing configuration (not that I would want to anyway).

Can I set up a separate, Linux-based (openLDAP?) server to replicate the LDAP data and allow users to authenticate against IT instead of the Windows servers?  After the initial installation, I would want this to update and replicate with the AD information without any further intervention on my part.  Is this possible?
Asked by: tomghormley

1 Solution
kamichie Commented:
Yes this is possible, but you will have to have access to the original LDAP domain. The way LDAP authentication works is when a user logs into the webpage his credentials from the current domain logon are passed to the webpage. Basically even if you create an exact replica of your AD users in the OpenLDAP linux box they will still have to pass their username and password because they did not login to that domain. You are going to need your network admin to help you with this if you need LDAP authentication.

tomghormley (Author) Commented:
Thanks for responding.  I don't mind getting the domain admin to help me on this.  The only reason I need a separate server is the PHP script I want to run requires the following:

"First, your ldap directory must use posixAccounts for the accounts you wish to allow access.  Second, your passwords must be encrypted with "{CRYPT}". Passwords using a different algorithm or in plaintext will not work. Accounts are stored using "uid=username,dc=domain,dc=com", which goes hand-in-hand with the posixAccount setup. If your ldap directory is not set up this way, ldap will not work."

Will I be able to set up the Linux LDAP server to meet these requirements, but then pass authentication on to the Windows server?  Or, would the Windows server have to be set up to use CRYPT and posix?
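A quick way to see whether a directory export actually satisfies the three conditions quoted above before pointing DocMGR at it, as an added example that is not part of the original thread: a small Python checker that parses an LDIF dump (the format ldapsearch produces) and reports which conditions each entry fails. The sample entries and the {CRYPT} hash are constructed placeholders, and the "no ou= between uid and dc" rule is a strict reading of the quoted DN format.

```python
import base64

# Constructed sample export: the first entry meets the quoted requirements, the
# second (an AD-style user) fails every check.  The hash is a placeholder, not real.
_crypt_pw = base64.b64encode(b"{CRYPT}$6$saltsalt$placeholderhash").decode()
SAMPLE_LDIF = f"""\
dn: uid=jdoe,dc=example,dc=com
objectClass: posixAccount
uid: jdoe
uidNumber: 10001
userPassword:: {_crypt_pw}

dn: CN=Jane Roe,OU=Users,DC=example,DC=com
objectClass: user
userPassword: {{SSHA}}placeholder
"""

def parse_ldif(text):
    """Minimal LDIF parser: one {attr_lower: [values]} dict per record."""
    entries, current = [], {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # unfold; "" flushes last
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode()
        current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def check_entry(entry):
    """Return the list of quoted-requirement violations for one entry (empty = OK)."""
    problems = []
    rdn, _, parent = entry.get("dn", [""])[0].partition(",")
    if not rdn.lower().startswith("uid="):
        problems.append("DN must start with uid=<username>")
    if not all(p.lower().startswith("dc=") for p in parent.split(",") if p):
        problems.append("DN must sit directly under dc= components (strict reading)")
    if "posixaccount" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("missing objectClass posixAccount")
    if not entry.get("userpassword", [""])[0].startswith("{CRYPT}"):
        problems.append("userPassword must use the {CRYPT} scheme")
    return problems

def check_ldif(text):
    """Map each DN in an LDIF export to its list of violations."""
    return {e["dn"][0]: check_entry(e) for e in parse_ldif(text)}
```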
kamichie Commented:
The only way to do that would be to replicate LDAP, but Microsoft's LDAP is proprietary so it's not going to happen. You either have to use OpenLDAP for all your users or find another solution.
It is possible to run OpenLDAP on a windows box, but this kind of defeats the purpose, and I don't think your network admin wants to do all that. Maybe you could start a little mini revolution in the office, scrap that stupid windoze box and use all open source applications. It will save you a crap load of money in the end.
