extend Active Directory

Tags: LDAP
Hi folks, I would like to extend my Active Directory using OpenLDAP. Please bear with me while I explain. There are a couple of reasons that I need to do this and I would like your input into whether this is possible and hopefully point me in the right direction in accomplishing my goal.

Reason 1: We have a product that is authenticating against our AD. There are also external customers that use the product who are not in Active Directory. Currently, when an external user attempts to log into our product, the product first looks to see if the user is in AD and if not, it then authenticates against a file where we currently store the external users' username and password details. This is obviously not the most secure setup.

Reason 2: I have recently set up an Openfire IM server which is authenticating against AD. AD currently only has the username and email address. I would like users to be able to update their own LDAP details, limited to phone number, photograph, address, department, external email, team leader etc. We could use GALMOD.exe to allow users to do this but it doesn't seem to be the best tool for our environment.

I thought that the best solution may be to have both applications authenticating against OpenLDAP which would, of sorts, be set up as an extension of AD. I would create a new OU in OpenLDAP for the external clients which would not pull any information from Active Directory. I would then like to pull data for the internal users from OU=users in AD but only the username, password and internal email fields. I would then give users access to update the other fields themselves.

Is this a viable solution or can you think of a better solution? Thanks for listening.
