"Welch, John C." <jwelch@aer.com>:
> Anyone out there have a good, coherent, logical source of info on how to get AD to talk to
> an LDAP directory server live. Note: The LDAP is running on Solaris, and is running all our
> Sun/SGI/Linux boxes, so this is not, nor will it ever be a migration. I just need the
> Domain Controller/AD controller to do user login authentication against our LDAP server.

The problem is that you would be able to do *authentication* but not
*authorization*, which is equally as important. Windows 2000 expects an
authorization token (SID keychain) which will only be returned by an
Active Directory Server. In other words, although other clients can use
the combination of Kerberos and LDAP to authenticate against a W2K/AD
server, W2K systems can't authenticate against, say, a Unix server
running Kerberos and LDAP. (All part of the Microsoft mantra "embrace
and extend...")

The only option short of migrating your directory server is to mirror
your LDAP data with Active Directory, which is a non-trivial pursuit.
Microsoft has some very specialized tools for importing data from
external sources (including LDAP servers), but there is a steep learning
curve on using them, and keeping the two directories in synch is
especially problematic. You'll likely want to bring in some consultants
who are well-versed in the usage of those data-import tools. We are
knee-deep in this process ourselves with a joint project with Microsoft
and Dell to deploy Active Directory and Exchange 2000 campus-wide.

Glen Mark Martin (speaking only for myself)
ACITS NT/OpenVMS Services
University of Texas at Austin

*** Windows-MacintoshOS Cooperation List ***
This archive was generated by hypermail 2b29: Tue Sep 26 2000 - 14:29:23 PDT