> On Aug 18, 2020, at 7:31 AM, Yudhi Karunia Surtan <[email protected]> wrote:
>
> Hi John,
>
> I'm not sure why you would like to use AD rather than openldap.
> If the reason is about the existing credentials only, I used SASL from
> openldap to delegate the authentication to AD.

Agree with Yudhi that most use openldap as a proxy to AD. There are various mechanisms in which to then handle authN part. Actually, other attributes, besides pw’s, can be pulled (or accessed) from AD in this way. SASL (as Yudhi mentioned), BackLDAP, Remoteauth and others. These will sidestep the issues I mentioned earlier. The integration requirements will dictate which mechanism is best. But, if the organization is willing to accept a custom schema being applied, can provide read/write access to portions of the DIT, on behalf of Fortress, an AD-only solution is possible.

— Shawn

> So before we use fortress in our company, previously AD already existed at
> the beginning to maintain other computer email and their windows
> credentials.
> Since most open sources don't work well with AD, I asked to use openldap
> for all the internal applications that we build rather than use AD.
> The only thing that I did was create a scheduler to sync AD user entries to
> my fortress people tree.
> Hope these answers might help you.
