Trying to figure out, what LDAP-authentication is. I can authenticate using LDAP against MS Active Directory, Samba4, FreeIPA and OpenLDAP, right?
So, these four software can hold users' auth-data. But why Windows authentication service can not authenticate against OpenLDAP? What AD can tell to Windows OS, that can not be told by OpenLDAP?
If I will build LDAP-authentication for web service, will it be working on all LDAP powered services or not?
With the right configuration in place ahead of time, Windows can access OpenLDAP no problem. For example, I know that HP as a company was on OpenLDAP as a company as their centralized internal authentication directory before they switched to AD a decade and a half ago. Windows clients joined to the AD domain first present a Kerberos ticket to the AD domain controller instance and authenticate before they are allowed to browse it's LDAP directory because by default Windows clients cannot browse the AD LDAP anonymously as AD LDAP is a Kerberos-protected (by AD) resource. OpenLDAP in your case was probably secured by someone in the past, and thus it also cannot be browsed anonymously so you will have to make some provision to get these Windows clients able to browse the OpenLDAP directory. You can do this in a couple of ways. In short, security re-configuration will be required before it will work the way you want. Here's a link showing how to secure OpenLDAP, just reverse engineer the instructions to make the necessary changes to open up the access: OpenLDAP Access Control and note that any web application server can quickly be configured to point to any LDAP directory for authentication, but the web application service can only be pointed to one type of LDAP at any one time, so either its pointed to AD or pointed to Open LDAP but can't be to both at the same time. Does this answer your question?
