LDAP and AD Authentication Query

Hi Friends,

I have the scenarios below.
dom1.test.com - LDAP
dom2.test.com - AD

The requirement is to establish a trust relation between the LDAP and AD servers in such a way that if any user logs in on the LDAP-managed authentication server with

dom1\username -> gets authenticated by the LDAP host

dom2\username -> LDAP authenticates the user against the AD server.

username -> LDAP checks whether it can authenticate with dom1, else checks with dom2 of AD.

Please assist; valuable suggestions are welcome.

Thanks
Shirish

This is a really vague question. What kind of suggestions are you looking for?

I think I understand. You can do this for most services, including system login, ssh, etc., using PAM modules. In my case (not your case), I need to allow auth to a local service as well as AD, so in my /etc/pam.d/common-account (note: your PAM structure may be different) and common-auth, I have (example is from common-account):

account requisite       pam_unix2.so
account sufficient      pam_localuser.so
account required        pam_winbind.so  use_first_pass

You could do something similar with pam_ldap. With regards to AD, you need to decide how you are doing that and whether or not you want to use winbind (which is what I use). There's a lot to PAM; it's very powerful, and you may want to read up on it first. I'm sure there are examples out there that do close to what you are wanting. Google is your friend.
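As an added illustration (not the poster's configuration), here is how the stacking idea above could be applied to the asker's layout: local accounts first, then the dom1 LDAP directory via pam_ldap, then the dom2 AD domain via pam_winbind. The file path, module names and option set are assumptions about a Linux-PAM system with pam_ldap and winbind installed; the exact common-auth layout differs between distributions.

```pam
# Example /etc/pam.d/common-auth for the dom1 (LDAP) / dom2 (AD) scenario.
# Added illustration, not the poster's config; paths and modules are assumed.

# 1. Local accounts first. A success here ends the stack immediately.
auth    sufficient  pam_unix.so

# 2. dom1 users: try the LDAP directory, reusing the password already typed
#    so the user is not prompted a second time.
auth    sufficient  pam_ldap.so     use_first_pass

# 3. dom2 users (including DOM2\user style names, which winbind understands):
#    try the AD domain with the same password.
auth    sufficient  pam_winbind.so  use_first_pass

# 4. Nothing above succeeded: deny explicitly rather than relying on the
#    stack's default result, so a misordered or missing module cannot
#    silently turn into an accept.
auth    required    pam_deny.so
```

A bare `username` is tried in stack order (local, then LDAP, then AD), which is the fallback the question asks for; keep in mind that each failed module adds its own delay and log line, so watch auth.log after enabling this to confirm requests are reaching the intended backend.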