Active Directory vs OpenLDAP


Question

What are the main differences between these two implementations of the LDAP protocol? Which is better for a heterogeneous environment? Any good websites about this topic?

Answer

For heterogeneous environments you want to use a general-purpose server such as OpenLDAP. The advantage of AD usually is that it already contains user accounts for your internal users - these can be kept in synch with a separate LDAP server, though this adds complexity.

As far as specifics of the protocol go, the docs for Oracle Virtual Directory have a pretty good summary. (OVD is a product that can be used to proxy AD and translate some of its quirks into a more standard interface.):

http://download.oracle.com/docs/html/E10286_01/app_bundled_plugins.htm#CHDGDBBG

Ranging Attributes: Attributes in Active Directory and ADAM with more than 1000 values are returned 1000 at a time with a name that includes the range of values that were returned (or 1500 for Windows 2003). The range is returned to the client in the form: member;1-1000: somevalue. In order to get the next thousand entries, the client application must somehow know to repeat the query and request the attribute member;1001-2000. This requires applications to handle Microsoft Active Directory in a special way compared to other directory products.

Password Updates: Microsoft Active Directory and ADAM have special rules around how the password of a user may be updated by using LDAP:

  • Passwords can only be updated over a secure SSL connection.
  • If a user is updating their own password, the original password must be included as a modify-delete and the new password as a modify-add within the same modify operation.
  • Only an administrator can reset a user's password without knowing the user's previous password.
  • Active Directory does not use the userPassword attribute; it uses the unicodePwd attribute (which is quoted-UTF16-hex-padded-base64 encoded).

ObjectClass Mapping: Most LDAP directories use the inetOrgPerson and groupOfUniqueNames object classes for users and groups. Microsoft Active Directory uses the user and group objectClasses with attributes specific to the Active Directory NOS requirements of Microsoft.

These are some of the main ones, but there are others.
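Two of the AD quirks quoted in the answer above (ranged attribute retrieval and unicodePwd password changes) as an added Python example; this is not code from the original answer or from OVD. It assumes the attribute-name syntax AD actually sends on the wire, `member;range=0-1499` with `*` marking the final chunk (the quote above abbreviates it), and a caller-supplied `search` callable so no particular LDAP library is required.

```python
import re

# Range suffix AD appends to a multi-valued attribute it has truncated,
# e.g. "member;range=0-1499"; the last chunk is reported as "range=1500-*".
RANGE_RE = re.compile(r"^(?P<attr>[^;]+);range=(?P<lo>\d+)-(?P<hi>\d+|\*)$")


def next_range_request(attr_name):
    """Return the attribute name to request next, or None when the name is
    unranged or marks the last chunk ('hi' == '*')."""
    m = RANGE_RE.match(attr_name)
    if not m or m.group("hi") == "*":
        return None
    lo, hi = int(m.group("lo")), int(m.group("hi"))
    size = hi - lo + 1  # keep asking in chunks of the size AD chose
    return f"{m.group('attr')};range={hi + 1}-{hi + size}"


def collect_all_values(search, dn, attr):
    """Walk every range chunk. `search(dn, attr_name)` is a caller-supplied
    function (hypothetical wrapper around any LDAP client) returning the
    (attribute_name_as_returned, values) pair from a base-scope search."""
    values, request = [], attr
    while request is not None:
        returned, chunk = search(dn, request)
        values.extend(chunk)
        request = next_range_request(returned)
    return values


def unicode_pwd(password):
    """Encode a password the way AD's unicodePwd attribute expects: the clear
    text wrapped in double quotes, UTF-16-LE, no BOM. AD only accepts this
    over LDAPS/TLS; on a plain connection the modify is rejected."""
    return f'"{password}"'.encode("utf-16-le")


def self_password_change(dn, old_password, new_password):
    """Modlist for a user changing their own password: delete the old value
    and add the new one in ONE modify request, as the answer describes."""
    return {
        "dn": dn,
        "changes": [
            ("delete", "unicodePwd", [unicode_pwd(old_password)]),
            ("add", "unicodePwd", [unicode_pwd(new_password)]),
        ],
    }
```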
