Re: LDAP: possible problems with user authentication
i just forgot something.
AD manage the (user) permissions and groups stuff: Like - this user can access to this printer or that user can not use pen drive - and i haven`t found yet something like that in free Software, or something similar in LDAP or with LDAP (openLdap)
Someone have some idea
2010/2/22 Germana Oliveira <email@example.com>
We are really convince that OpenLDAP is way better choice than Active Directory, most if we already decide that Debian is going to be our Servers OS...
i have been googling about openLdap problems and found nothing very difficult or weird, most of then are user problems: bad configurations, etc.
but really hopping you can tell me more about your experience, personal and with professional (implementations in: industries, commercial, corporations, organizations)
Thanks Joe for the quick replay!
2010/2/22 Joe <firstname.lastname@example.org>
Ask Microsoft. Active Directory *is* LDAP. These people are pulling your <appendage of choice>, as they will know perfectly well what Active Directory is.
Germana Oliveira wrote:
Some service (software) companies have been telling us 'not to use
ldap for user authentication' instead they recommend us to use
Microsoft Active Directory, this because, they say, LDAP is
problematic, talking about domain, and hard to use - for example is
very complicated to change a password in LDAP, versus the Graphical
interface of Active Directory.
We think, Active Directory can be a open door for our system, so we
really want to use LDAP, because all our servers are going to be in
So we want to know your experience with LDAP.
It's not hard to make any kind of graphical interface you want for LDAP. I have an LDAP email directory at home, and I've thrown together a few extremely simple PHP pages to manipulate it. If I need to do something I didn't bother to put into my pages, I use a graphical LDAP editor.
It's not hard to query Active Directory, if you have an account with suitable permissions. DSQUERY is the Windows command-line (yes, it does have one) LDAP query tool. ADSIedit is a GUI LDAP query tool.
Windows users expect to use a single account to access everything, so if you work closely with a Microsoft domain, it would probably be a good idea to use the AD account database, either directly or by replicating it to a local OpenLDAP server.
Archive: 4B82D79B.email@example.com" target="_blank">http://lists.debian.org/4B82D79B.firstname.lastname@example.org
germanaoliveirab arroba gmail punto com