Migration from Active directory to OpenLDAP

active-directorymigrationopenldap

Im pretty new to LDAP and AD. I have to port our present authorization/authentication structure from AD to OpenLDAP.
Is it possible to run the entire setup in windows? What are the steps for migration of the policies and adjustments req.?
I'v read up a few tutorials, so should be able to follow the inputs.
Regards, Anthony G.

Best Answer

My first answer would be don't...

What I think you are actually asking is: How do I port from Microsoft AD Domain to a Samba/OpenLDAP/Kerberos setup. It's Samba that actually handles the authentication/authorisation side of things - OpenLDAP is just a directory.

Samba barely does group policies - you need to use the NTPOL editor from Windows NT4 days - it only has 70-80% of the functionality of XP local group policy (before some wise guy pipes up about Samba 4 - it's not out yet, one day maybe). You can apply Samba policy only to user groups not computer groups- the list goes on.

There are no easy migration wizards, pretty much every Samba tutorial does it from scratch, which is what you may end up doing. And in the end you will end up with a setup that is not as good as before - I suggest you think long & hard about whether it is the right thing to do (and yes I do support a Samba domain, and wish every day I had a Windows one).

OP Edit:

The correct incantation that worked was:

[John_Marshall@WN7-BG3YSM1 ~]$ ldapsearch -x -h <new_ip_addr> \
-D "Americas\John_Marshall" -W \
-b "cn=John_Marshall,ou=users,ou=austin,dc=amer,dc=MyComanyName,dc=com" \
mail telephonenumber ""

Best Answer

Related Solutions

Installing OpenLDAP on Fedora 12: ldap_bind: Invalid credentials (49)

Ldapsearch against Active Directory fails authentication + search params wrong

OP Edit:

Related Topic