Re: Is it possible to have Active Directory use a different LDAP server for logging in users?
- From: "Ian Becker" <ian.becker@xxxxxxxxx>
- Date: 22 Dec 2006 06:09:02 -0800
Thanks Joe, I think that will help out a lot and will look into it.
Kind of funny that you replied considering I am reading your book right
now.
-Ian
Joe Richards [MVP] wrote:
It is if you can kerberize the Tivoli stuff and make it into its own
realm (i.e. like a domain). Then you tell AD to trust that realm and it
will be similar to using another trusted domain.
Otherwise no, LDAP isn't a good auth mechanism and isn't an auth
protocol at all despite the fact that people use it for that. Windows
uses Kerberos for auth because it is a true auth protocol designed
specifically for that purpose.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Ian Becker wrote:
In our current environment, we have a Tivoli Directory server that is
our main LDAP server, would it be possible to have Active Directory
pass through logons to that to authenticate users without actually
replicating the databases?
Thanks,
Ian