Mapping AD names to unix names
Yes, Directory Server's winsync maps AD's samAccountName to uid on LDAP-DS, and Unix uses the uid attribute for the login name. It is not necessary to use Kerberos authentication of AD if you sync passwords between AD and DS with winsync.
----- Original Message -----
From: Zebee Johnstone <Zebee.Johnstone@optus.com.au>
Date: Friday, January 21, 2011, 2:43
Subject: [389-users] Mapping AD names to unix names
To: "'email@example.com'" <firstname.lastname@example.org>
> I want to, amongst other things, query our Active Directory
> server for passwords. So use 389 as a directory server
> (using NIS scheme and netgroups) with AD passwords.
> Problem is... our AD uses usernames of First Last and a Kerberos
> principal of first.last, whereas the unix (linux, AIX,
> HPUX, Solaris) boxes use 8char usernames.
> The password sync stuff I've seen isn't very clear. Does
> the AD samAccountName have to be the same as the unix
> username? Or is there somewhere on 389 or on AD where I
> can do a lookup?
> This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html
> seems to say there's a field ntUserDomainId that would do that job, is that used in the sync?
> Is there any documentation on setting this up?
> 389 users mailing list