通过提前正确配置,Windows可以访问OpenLDAP没问题 . 例如,我知道惠普作为一家公司将OpenLDAP作为一个公司作为其集中的内部认证目录,然后在十五年前转向AD . 加入AD域的Windows客户端首先向AD域控制器实例提供Kerberos票证并在允许其浏览之前进行身份验证's LDAP directory because by default Windows clients cannot browse the AD LDAP anonymously as AD LDAP is a Kerberos-protected (by AD) resource. OpenLDAP in your case was probably secured by someone in the past, and thus it also cannot be browsed anonymously so you will have to make some provision to get these Windows clients able to browse the OpenLDAP directory. You can do this in a couple of ways. In short, security re-configuration will be required before it will work the way you want. Here' sa链接显示如何保护OpenLDAP,只需对指令进行反向工程以进行必要的更改以打开访问:OpenLDAP Access Control并注意,任何Web应用程序服务器都可以快速配置为指向任何LDAP目录进行身份验证,但Web应用程序服务一次只能指向一种类型的LDAP,因此它指向AD或指向打开LDAP但不能同时打开两者 . 这回答了你的问题了吗?
1 回答
通过提前正确配置,Windows可以访问OpenLDAP没问题 . 例如,我知道惠普作为一家公司将OpenLDAP作为一个公司作为其集中的内部认证目录,然后在十五年前转向AD . 加入AD域的Windows客户端首先向AD域控制器实例提供Kerberos票证并在允许其浏览之前进行身份验证's LDAP directory because by default Windows clients cannot browse the AD LDAP anonymously as AD LDAP is a Kerberos-protected (by AD) resource. OpenLDAP in your case was probably secured by someone in the past, and thus it also cannot be browsed anonymously so you will have to make some provision to get these Windows clients able to browse the OpenLDAP directory. You can do this in a couple of ways. In short, security re-configuration will be required before it will work the way you want. Here' sa链接显示如何保护OpenLDAP,只需对指令进行反向工程以进行必要的更改以打开访问:OpenLDAP Access Control并注意,任何Web应用程序服务器都可以快速配置为指向任何LDAP目录进行身份验证,但Web应用程序服务一次只能指向一种类型的LDAP,因此它指向AD或指向打开LDAP但不能同时打开两者 . 这回答了你的问题了吗?