Re: LDAP: possible problems with user authentication
Germana Oliveira wrote:
Some service (software) companies have been telling us 'not to use
ldap for user authentication' instead they recommend us to use
Microsoft Active Directory, this because, they say, LDAP is
problematic, talking about domain, and hard to use - for example is
very complicated to change a password in LDAP, versus the Graphical
interface of Active Directory.
We think, Active Directory can be a open door for our system, so we
really want to use LDAP, because all our servers are going to be in
So we want to know your experience with LDAP.
Ask Microsoft. Active Directory *is* LDAP. These people are pulling your
<appendage of choice>, as they will know perfectly well what Active
It's not hard to make any kind of graphical interface you want for LDAP.
I have an LDAP email directory at home, and I've thrown together a few
extremely simple PHP pages to manipulate it. If I need to do something I
didn't bother to put into my pages, I use a graphical LDAP editor.
It's not hard to query Active Directory, if you have an account with
suitable permissions. DSQUERY is the Windows command-line (yes, it does
have one) LDAP query tool. ADSIedit is a GUI LDAP query tool.
Windows users expect to use a single account to access everything, so if
you work closely with a Microsoft domain, it would probably be a good
idea to use the AD account database, either directly or by replicating
it to a local OpenLDAP server.