Created by Microsoft Corporation, Active Directory (AD) provides the means to manage the identities and relationships that make up your organization's network. Active Directory stores information and settings in a central database and also allows administrators to assign policies, organize available software, and apply vital updates to an organization.
When installed, IPBrick uses the local Lightweight Directory Access Protocol (LDAP) service to authenticate users (Advanced Configurations -> IPBrick -> Authentication). This means that these users are created in IPBrick, so IPBrick acts as the network PDC [1.1].
If the organization already has a PDC (e.g. Windows 2003 Active Directory) and an IPBrick is being installed, it may be necessary to integrate the IPBrick with Active Directory. The integration level depends on the services that will run on IPBrick:
- No integration: The IPBrick is a communications server with no services that require user authentication. Examples of services that require no integration:
  - Mail relay
  - Transparent/Standard Proxy
  - VoIP
  - Firewall
  - Webserver
- Partial integration: If the IPBrick needs to authenticate users, you must change the authentication type to AD Domain Member (IPBrick Master). It is called a partial integration because the IPBrick only needs to query the Windows LDAP for the authentication process (please consult Chapter 1.2 and Chapter 2).
  - Some services/applications running on IPBrick that need this type of integration:
    - Proxy with authentication
    - PPTP VPN
    - Intranet applications running on IPBrick (Calendar, Contacts, etc.)
- Total integration: In a total integration, the IPBrick, besides querying LDAP for authentication, will also physically hold the users' accounts. However, the LDAP server must be extended to support all the IPBrick requirements, such as:
  - UNIX attributes: NIS domain, UID, GID, login shell and home directory
  - Automount information LDAP attributes
  - Mail server LDAP attributes (qmail-ldap)
  - Examples of when a total integration is needed:
    - The IPBrick will be the internal mail server: the Windows Exchange service will be replaced by the IPBrick qmail service.
    - You will use iPortalDoc, the documentation management system developed by iPortalMais.
  - If the goal is a total integration with AD, please follow all the steps presented in this Manual.
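A readiness check for the UNIX-attribute requirement of a total integration, as an added example that is not part of the IPBrick manual: it reads an LDIF export of AD user entries and reports accounts that lack those attributes, plus UID numbers assigned to more than one account. The attribute names (RFC 2307 style) and the sample entries are assumptions; the manual does not name the exact attributes IPBrick expects.

```python
import base64
from collections import defaultdict

# Assumed names (RFC 2307 style in AD); the page does not give IPBrick's.
REQUIRED_UNIX_ATTRS = {"NIS domain": "msSFU30NisDomain", "UID": "uidNumber",
                       "GID": "gidNumber", "login shell": "loginShell",
                       "home directory": "unixHomeDirectory"}

# Constructed sample export (not real data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=test
msSFU30NisDomain: example
uidNumber: 10001
gidNumber: 10000
loginShell: /bin/bash
unixHomeDirectory: /home/alice

dn: CN=Bob Example,CN=Users,DC=example,DC=test
uidNumber: 10001
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    entries = []
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    for block in text.split("\n\n"):
        entry = defaultdict(list)
        for line in block.split("\n"):
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            entries.append(dict(entry))
    return entries

def audit(text):
    """Return (missing attributes per DN, UID numbers shared by several DNs)."""
    missing, by_uid = {}, defaultdict(list)
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        gaps = [k for k, a in REQUIRED_UNIX_ATTRS.items() if not entry.get(a.lower())]
        if gaps:
            missing[dn] = gaps
        for uid in entry.get("uidnumber", []):
            by_uid[uid].append(dn)
    return missing, {u: d for u, d in by_uid.items() if len(d) > 1}
```

Calling `audit(SAMPLE_LDIF)` flags the second entry as incomplete and reports UID 10001 as shared; a shared UID matters because UNIX file ownership on the server is decided by the number, not the account name.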
Footnotes
- [1.1] PDC: Primary Domain Controller
iPortalMais