[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP: possible problems with user authentication



We are really convince that OpenLDAP is way better choice than Active Directory, most if we  already decide that Debian is going to be our Servers OS...

i have been googling about openLdap problems and found nothing very difficult or weird, most of then are user problems: bad configurations, etc.

but really hopping you can tell me more about your experience, personal and with professional (implementations in: industries, commercial, corporations, organizations)

Thanks Joe for the quick replay!


2010/2/22 Joe <joe@jretrading.com>
Germana Oliveira wrote:
Hi!

Some service (software) companies have been telling us 'not to use
ldap for user authentication' instead they recommend us to use
Microsoft Active Directory, this because, they say, LDAP is
problematic, talking about domain,  and hard to use - for example is
very complicated to change a password in LDAP, versus the Graphical
interface of Active Directory.

We think, Active Directory can be a open door for our system, so we
really want to use LDAP, because all our servers are going to be in
Debian...

So we want to know your experience with LDAP.


Ask Microsoft. Active Directory *is* LDAP. These people are pulling your <appendage of choice>, as they will know perfectly well what Active Directory is.

It's not hard to make any kind of graphical interface you want for LDAP. I have an LDAP email directory at home, and I've thrown together a few extremely simple PHP pages to manipulate it. If I need to do something I didn't bother to put into my pages, I use a graphical LDAP editor.

It's not hard to query Active Directory, if you have an account with suitable permissions. DSQUERY is the Windows command-line (yes, it does have one) LDAP query tool. ADSIedit is a GUI LDAP query tool.

http://technet.microsoft.com/en-us/library/cc732952%28WS.10%29.aspx
http://support.microsoft.com/kb/312299

Windows users expect to use a single account to access everything, so if you work closely with a Microsoft domain, it would probably be a good idea to use the AD account database, either directly or by replicating it to a local OpenLDAP server.
--
Joe



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4B82D79B.7010806@jretrading.com" target="_blank">http://lists.debian.org/4B82D79B.7010806@jretrading.com




--
Germana Oliveira

germanaoliveirab arroba gmail punto com
http://626f67.wordpress.com
http://slcarabobo.wordpress.com


Reply to: