Currently we are able to have Kerberos authenticate users who are in Active Directory (AD) and added to LDAP-created netgroups. We also set their Unix attributes and add them to the netgroup. It would be so much easier if we could use actual AD groups. Is this at all possible?

Biff

1 Answer

AD works just fine as an LDAP server; the tricky part is that the default DIT (or directory information tree) is different from what most nss_ldap modules expect for netgroup-like services.

I am fairly sure what you want can be done. You need to add a DIT that corresponds to the POSIX Account Schema. This question should lead you in the right direction.

Keep AD Group Synced in OpenLDAP with POSIX Account Augmentation
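As an added illustration of the attribute-mapping point in the answer above (not part of the original answer or the linked question), here is an nslcd.conf fragment that resolves Unix users and groups straight from AD once the RFC2307 attributes (uidNumber, gidNumber, unixHomeDirectory, loginShell) are populated on the AD objects. The hostname, base DN, service account and CA path are placeholders.

```conf
# /etc/nslcd.conf  (assumed example values; replace with your own)
uid nslcd
gid nslcd

# Talk to a domain controller over LDAPS only, and verify its certificate.
uri ldaps://dc01.example.com/
base dc=example,dc=com
ssl on
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# Read-only service account: it only needs directory read rights, nothing more.
# (Alternatively use "sasl_mech GSSAPI" with a keytab-backed ticket cache.)
binddn CN=nss-reader,OU=Service Accounts,DC=example,DC=com
bindpw REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# AD returns at most 1000 entries per page by default; ask for paging.
pagesize 1000
referrals off

# Users: only real user objects that actually carry POSIX attributes.
# Requiring uidNumber and unixHomeDirectory means an account without a
# deliberate Unix identity simply does not exist on the Linux side.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid           sAMAccountName
map    passwd homeDirectory unixHomeDirectory
map    passwd gecos         displayName
map    passwd loginShell    loginShell

# Groups: ordinary AD security groups become Unix groups once gidNumber is set.
# AD stores membership as "member" DNs, which nslcd reads via uniqueMember.
filter group (&(objectClass=group)(gidNumber=*))
map    group uniqueMember   member
```

With this in place `getent group <ad-group-name>` lists the members of a normal AD group, so access can be managed by AD group membership instead of maintaining separate netgroup objects.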