Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Windows Active Directory with Linux

1 view
Skip to first unread message

Tanuj Shah (ts86)

unread,
Jun 30, 2001, 6:33:13 PM6/30/01
to
Hi all,

Quote from an online article I was reading:...

"Active Directory is based on standard directory access protocols (such as
Lightweight Directory Access Protocol or LDAP)-which means it can
interoperate with other directory services employing these protocols"

Linux supports LDAP, so would it be possible to use Windows LDAP
functionality in Linux (for things like authentication). I'm more interested
in links to docs that might explain how to go about doing that.

TIA.
Kind Regards,
--
Tanuj Shah (ts86)
ta...@ts86.net

Dave Pickles

unread,
Jul 1, 2001, 4:01:56 AM7/1/01
to
Tanuj Shah \(ts86\) wrote:

> Hi all,
>
> Quote from an online article I was reading:...
>
> "Active Directory is based on standard directory access protocols (such
> as Lightweight Directory Access Protocol or LDAP)-which means it can
> interoperate with other directory services employing these protocols"
>
> Linux supports LDAP, so would it be possible to use Windows LDAP
> functionality in Linux (for things like authentication). I'm more
> interested in links to docs that might explain how to go about doing
> that.

M$ found a tiny point in the LDAP spec which allows a 'vendor-specific'
field, and they built their entire architecture into that field. So yes,
on the wire it looks like LDAP, but not as anyone else would recognise it.

If you want to know what goes into that vendor-specific field you will
have to pay M$ tens of thousands of dollars and sign a non-disclosure form.

There has been much unpleasantness among LDAP developers over this, and I
believe that loophole has been closed in the latest version of the spec.
--
Dave Pickles

Dave Stanton

unread,
Jul 1, 2001, 2:00:24 PM7/1/01
to
I
> M$ found a tiny point in the LDAP spec which allows a 'vendor-specific'
> field, and they built their entire architecture into that field. So yes,
> on the wire it looks like LDAP, but not as anyone else would recognise
> it.

Well, Well What a surprise !!

Dave

alexd

unread,
Jul 1, 2001, 5:51:19 PM7/1/01
to
Dave Pickles wrote:

> M$ found a tiny point in the LDAP spec which allows a 'vendor-specific'
> field, and they built their entire architecture into that field. So yes,
> on the wire it looks like LDAP, but not as anyone else would recognise it.

I'm stunned. Not. What next? Writing entire pages for internet explorer v.7
inside <!-- and --> ? I'm having nightmare visions about IPv6 already...

> If you want to know what goes into that vendor-specific field you will
> have to pay M$ tens of thousands of dollars and sign a non-disclosure
> form.

Is there any likelyhood that someone will do with this what the samba team
did with SMB? I'm sure that by the time they do, M$ will have moved the
goalposts again.

alexd

Mark Evans

unread,
Jul 9, 2001, 7:24:26 AM7/9/01
to
Dave Pickles <da...@cyw.uklinux.net> wrote:

> M$ found a tiny point in the LDAP spec which allows a 'vendor-specific'
> field, and they built their entire architecture into that field. So yes,
> on the wire it looks like LDAP, but not as anyone else would recognise it.

Maybe someone should check every protocol, considering
this isn't the first time Microsoft have done this
kind of thing...

--
Mark Evans
St. Peter's CofE High School
Phone: +44 1392 204764 X109
Fax: +44 1392 204763

0 new messages