Germana Oliveira wrote:
Hi! Some service (software) companies have been telling us 'not to use LDAP for user authentication'; instead they recommend that we use Microsoft Active Directory, because, they say, LDAP is problematic, talking about domain, and hard to use - for example, it is very complicated to change a password in LDAP, versus the graphical interface of Active Directory. We think Active Directory can be an open door for our system, so we really want to use LDAP, because all our servers are going to be in Debian... So we want to know your experience with LDAP.
Ask Microsoft. Active Directory *is* LDAP. These people are pulling your <appendage of choice>, as they will know perfectly well what Active Directory is.
It's not hard to make any kind of graphical interface you want for LDAP. I have an LDAP email directory at home, and I've thrown together a few extremely simple PHP pages to manipulate it. If I need to do something I didn't bother to put into my pages, I use a graphical LDAP editor.
It's not hard to query Active Directory, if you have an account with suitable permissions. DSQUERY is the Windows command-line (yes, it does have one) LDAP query tool. ADSIedit is a GUI LDAP query tool.
http://technet.microsoft.com/en-us/library/cc732952%28WS.10%29.aspx
http://support.microsoft.com/kb/312299
Windows users expect to use a single account to access everything, so if you work closely with a Microsoft domain, it would probably be a good idea to use the AD account database, either directly or by replicating it to a local OpenLDAP server.
-- Joe