You can set up an OpenLDAP server and use the pass-through authentication (PTA) mechanism to verify the user credentials against Active Directory.

At a high level, the OpenLDAP pass-through authentication solution involves the following steps.

Procedure

  1. To enable LDAPS (Lightweight Directory Access Protocol over SSL), install Certificate Services on the Active Directory.
  2. Set up an OpenLDAP server.
  3. Synchronize user information (except password) from the Active Directory to the OpenLDAP server.
  4. Configure the OpenLDAP server to delegate password verification to a separate process such as saslauthd, which can perform password verification against the Active Directory.
  5. Configure the Linux desktops to use an LDAP client to authenticate users with the OpenLDAP server.
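Steps 3 and 4 meet in the user entry itself: OpenLDAP hands a bind password to SASL (and so to saslauthd) when the entry's `userPassword` holds a `{SASL}user@realm` marker instead of a hash. The following is an added example, not part of the original procedure or any vendor tooling, that converts an exported Active Directory entry into OpenLDAP LDIF with an attribute allowlist so no AD credential data is carried over. The attribute mapping, base DN, realm and sample entry are assumptions made for illustration.

```python
import base64
import re

# Allowlist of AD attributes to copy, mapped to OpenLDAP names (assumed mapping).
ATTR_MAP = {"sAMAccountName": "uid", "cn": "cn", "sn": "sn", "mail": "mail"}
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")  # blocks DN metacharacters such as , = +


def ldif_line(attr, value):
    """Return one LDIF line, base64-encoding values that RFC 2849 calls unsafe."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def ad_entry_to_ldif(entry, base_dn, realm):
    """Build an OpenLDAP record from one AD entry; no AD password data is copied."""
    uid = entry.get("sAMAccountName", "")
    if not SAFE_UID.fullmatch(uid):
        raise ValueError(f"unsafe or missing sAMAccountName: {uid!r}")
    missing = [a for a in ("cn", "sn") if not entry.get(a)]
    if missing:  # inetOrgPerson requires cn and sn
        raise ValueError(f"{uid}: missing required attributes {missing}")
    lines = [ldif_line("dn", f"uid={uid},{base_dn}"), "objectClass: inetOrgPerson"]
    for ad_attr, ol_attr in ATTR_MAP.items():
        if ad_attr in entry:  # anything outside the allowlist is dropped
            lines.append(ldif_line(ol_attr, entry[ad_attr]))
    # {SASL} makes slapd pass the bind password to Cyrus SASL (e.g. saslauthd),
    # so OpenLDAP itself never stores a password or hash for this user.
    lines.append(ldif_line("userPassword", f"{{SASL}}{uid}@{realm}"))
    return "\n".join(lines) + "\n"


# Constructed sample entry, shaped like an AD export; not from a real directory.
SAMPLE_AD_ENTRY = {
    "sAMAccountName": "jdoe", "cn": "José Doe", "sn": "Doe",
    "mail": "jdoe@example.com", "unicodePwd": "PLACEHOLDER", "pwdLastSet": "0",
}

if __name__ == "__main__":
    print(ad_entry_to_ldif(SAMPLE_AD_ENTRY, "ou=people,dc=example,dc=com", "EXAMPLE.COM"))
```

The realm after `@` has to match what saslauthd is configured to look up in Active Directory, and the resulting LDIF should be reviewed before it is loaded.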