Coordinating LDAP with Win Domain

Posted on 2007-10-18
Medium Priority
Last Modified: 2010-04-20
The company I have just started with has an LDAP environment and is looking to coordinate a Windows 2003 domain structure. Do I set up the Win domain as if there was none in existence? How do I coordinate the LDAP with the domain to allow one point of entry for all new users?
Question by: gordonmann
LVL 63

Expert Comment

ID: 20100999
Most LDAP solutions know how to Sync with Active Directory.

Otherwise use the LDAP solution built into AD.

It depends on what special data may be missing from one vs. the other, and which will be a more complete solution that is also secure.

What LDAP is presently in use?
Have you looked for AD connectors for it?

I hope this helps!
LVL 62

Expert Comment

ID: 20102327
First, have a look at pGina and Kerberos options.
Basically you cannot have AD and LDAP hybrid authentication.

Accepted Solution

4dimach earned 2000 total points
ID: 20108812
You may consider this option (if I understood your question correctly):

Eventually you want to have only one production directory with all users to manage.

Install Win 2003 Domain. You don't need to worry about your LDAP at this step.
Then export your accounts from the old LDAP (I assume it's Linux or Novell) and import them into Windows AD - you can google the exact commands to do it. I don't think you can export/import passwords. But everything else - yes.

You may need to adjust OU and authentication options in applications using LDAP servers.

After that you can start using your AD server's IP address/name as new LDAP server.

Thank you.
LVL 62

Expert Comment

ID: 20109776
AD cannot import/export passwords. The rest of the world does it using LDIF format.

Author Comment

ID: 20110566
I then assume all new users will be entered via AD?

Expert Comment

ID: 20110641
New users will be in AD.

You need to export/import old LDAP users with a default password and 'change password on first login' enabled.
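
The export/import step discussed in the answers above, as an added example that is not part of the original thread: a Python sketch that converts an LDIF export from the old directory into LDIF records for an AD import (for instance with `ldifde`), dropping `userPassword` and marking every account disabled with a forced password change. The sample entries, the attribute mapping, the target OU and the use of `uid` as the CN are assumptions; setting the initial password is left as a separate step.

```python
import base64

# Constructed sample export from the old directory (not real data).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
givenName: John
mail: jdoe@example.com
userPassword: {SSHA}Y29uc3RydWN0ZWQtaGFzaA==

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: asmith
cn:: QW5uYSBTbWl0aA==
sn: Smith
mail: asmith@example.com
"""

# Assumed mapping, source attribute -> AD attribute; anything not listed
# (userPassword included) is dropped and never reaches the import file.
ATTR_MAP = {"uid": "sAMAccountName", "cn": "displayName", "sn": "sn",
            "givenName": "givenName", "mail": "mail"}

def parse_ldif(text):
    """Yield one {attr: first value} dict per entry; decodes 'attr:: base64'."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold wrapped lines
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr, value.strip())
        yield entry

def to_ad_ldif(text, target_ou):
    """Build add-records for AD: accounts disabled, password change forced."""
    records = []
    for e in (x for x in parse_ldif(text) if "uid" in x):
        lines = [f"dn: CN={e['uid']},{target_ou}", "changetype: add", "objectClass: user"]
        lines += [f"{ad}: {e[src]}" for src, ad in ATTR_MAP.items() if src in e]
        lines += ["userAccountControl: 514",  # NORMAL_ACCOUNT | ACCOUNTDISABLE
                  "pwdLastSet: 0"]             # must change password at next logon
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"
```

Values containing non-ASCII characters or DN special characters would need base64 encoding or escaping before import, which this sketch does not do.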

