[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP: possible problems with user authentication

Germana Oliveira wrote:

Some service (software) companies have been telling us 'not to use
ldap for user authentication' instead they recommend us to use
Microsoft Active Directory, this because, they say, LDAP is
problematic, talking about domain,  and hard to use - for example is
very complicated to change a password in LDAP, versus the Graphical
interface of Active Directory.

We think, Active Directory can be a open door for our system, so we
really want to use LDAP, because all our servers are going to be in

So we want to know your experience with LDAP.

Ask Microsoft. Active Directory *is* LDAP. These people are pulling your <appendage of choice>, as they will know perfectly well what Active Directory is.

It's not hard to make any kind of graphical interface you want for LDAP. I have an LDAP email directory at home, and I've thrown together a few extremely simple PHP pages to manipulate it. If I need to do something I didn't bother to put into my pages, I use a graphical LDAP editor.

It's not hard to query Active Directory, if you have an account with suitable permissions. DSQUERY is the Windows command-line (yes, it does have one) LDAP query tool. ADSIedit is a GUI LDAP query tool.


Windows users expect to use a single account to access everything, so if you work closely with a Microsoft domain, it would probably be a good idea to use the AD account database, either directly or by replicating it to a local OpenLDAP server.

Reply to: