Quoting Wayne Johnson <wdtj at yahoo.com>:

> I'm working on a project where we'll have an application that has to
> authenticate a user via ActiveDirectory. We're going the LDAP route.
> I have some questions on extending the ActiveDirectory Schema for
> our application specific user attributes.
>
> On another project at school, we're looking at setting up a central
> authentication authority. This is a homogeneous network with both
> Windows clients and Fedora Core servers. I was thinking about trying
> out Fedora Directory Service, but will the Windows clients
> authenticate off it like it was ActiveDirectory? Or is it better to
> run Samba's domain controller off of LDAP and then use the PAM LDAP
> for Linux?
>
<snip>

LDAP is not Active Directory, and vice versa. AD is an amalgam of protocols of which LDAP is a piece. There is also Kerberos and some other stuff wrapped up in there.

You can use an Active Directory server as an LDAP store and authenticate against it that way. A Windows client will not authenticate seamlessly against an LDAP server without some other client software being involved.

If you need AD, your best bet will be to use Windows as the authentication server and configure your Linux boxen to authenticate against that using LDAP or Kerberos.

Here's an article I found on setting up Linux to authenticate against an AD server, might help:

http://enterprise.linux.com/article.pl?sid=04/12/09/2318244&tid=102&tid=101&tid=100

Josh