| 1 |
gregorcy <gregorcy@××××××××.edu> 2011-10-29 10:52: |
| 2 |
> What's missing: OpenLDAP replication from AD? Is this possible? Is this |
| 3 |
> needed? Since I want another machines (running Linux) to authenticate it |
| 4 |
> will be a good idea only ONE machine get information from AD and |
| 5 |
> everyone else authenticate natively on this Gentoo Machine. |
| 6 |
> |
| 7 |
> No this is not needed. If you are in a mixed environment (I think) it |
| 8 |
> is much easier to just use AD as the one directory service and join all |
| 9 |
> your linux boxes to it. As long as your idmap ranges match your users |
| 10 |
> will have the same uid on all boxes. |
| 11 |
|
| 12 |
I agree with this except for the need to "join all your linux boxes". |
| 13 |
AD is really just ldap+kerberos. Most of the time you don't need the |
| 14 |
headache of kerberos and can just use the ldap component. Modern AD |
| 15 |
schemas include all the of necessary attributes support for having Linux |
| 16 |
clients talk to it directly for uid/gid mapping, which is much nicer |
| 17 |
since it avoids the complexity of any samba requirements when you don't |
| 18 |
need them (eg: mail, web, etc.). |
| 19 |
|
| 20 |
</cent></cent> |
| 21 |
|
| 22 |
Brian |
Archives