You can set up an OpenLDAP server and use the pass-through authentication (PTA) mechanism to verify the user credentials against Active Directory.
At a high level, the OpenLDAP pass-through authentication solution involves the following steps.
- To enable LDAPS (Lightweight Directory Access Protocol over SSL), install Certificate Services on the Active Directory server.
- Set up an OpenLDAP server.
- Synchronize user information (except passwords) from Active Directory to the OpenLDAP server.
- Configure the OpenLDAP server to delegate password verification to a separate process such as saslauthd, which can perform password verification against Active Directory.
- Configure the Linux desktops to use an LDAP client to authenticate users with the OpenLDAP server.
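
As an added illustration of the synchronization and delegation steps above (not part of the original documentation), this Python function converts one Active Directory user record into an OpenLDAP LDIF entry that carries no password data and sets `userPassword` to a `{SASL}` value so that slapd passes the bind password to saslauthd. The attribute mapping, base DN, realm, account-name restriction, and sample record are assumptions, and slapd is assumed to be built with `{SASL}` password support.

```python
import base64
import re

# Allow-list of AD attributes to mirror (assumed mapping); anything else,
# including unicodePwd and other password material, is never copied.
ATTR_MAP = {"sAMAccountName": "uid", "cn": "cn", "sn": "sn",
            "givenName": "givenName", "mail": "mail"}
# Conservative assumption: account names outside this set are rejected so a
# crafted name cannot alter the DN or the {SASL} value.
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")

def ldif_line(attr, value):
    """Emit one LDIF line, base64-encoding values that are not RFC 2849 safe."""
    safe = (value.isascii() and value == value.strip()
            and value[:1] not in (":", "<")
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def to_openldap_ldif(ad_entry, base_dn, realm):
    """Build the OpenLDAP entry for one AD user, without any password data."""
    uid = ad_entry.get("sAMAccountName", "")
    if not SAFE_UID.fullmatch(uid):
        raise ValueError(f"refusing unsafe account name: {uid!r}")
    entry = dict(ad_entry)
    entry.setdefault("sn", entry.get("cn", uid))  # inetOrgPerson requires sn
    entry.setdefault("cn", uid)                   # ... and cn
    lines = [ldif_line("dn", f"uid={uid},{base_dn}"),
             "objectClass: inetOrgPerson"]
    for ad_attr, ol_attr in ATTR_MAP.items():
        if ad_attr in entry:
            lines.append(ldif_line(ol_attr, entry[ad_attr]))
    # {SASL}user@realm makes slapd hand the bind password to saslauthd.
    lines.append(ldif_line("userPassword", f"{{SASL}}{uid}@{realm}"))
    return "\n".join(lines) + "\n"

# Constructed sample record; unicodePwd stands in for AD password material.
SAMPLE = {"sAMAccountName": "jdoe", "cn": "José Doe", "sn": "Doe",
          "mail": "jdoe@example.com", "unicodePwd": "not-a-real-hash"}

if __name__ == "__main__":
    print(to_openldap_ldif(SAMPLE, "ou=people,dc=example,dc=com", "EXAMPLE.COM"))
```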