Quoting Wayne Johnson <wdtj at yahoo.com>:

> I'm working on a project where we'll have an application that has to 
> authenticate a user via ActiveDirectory.  We're going the LDAP route. 
>  I have some questions on extending the ActiveDirectory Schema for 
> our application specific user attributes.
>
> On another project at school, we're looking at setting up a central 
> authentication authority.  This is a homogeneous network with both 
> Windows clients and Fedora Core servers.  I was thinking about trying 
> out Fedora Directory Service, but will the Windows clients 
> authenticate off it like it was ActiveDirectory?  Or is it better to 
> run Samba's domain controller off of LDAP and then use the PAM LDAP 
> for Linux?
>
<snip>

LDAP is not Active Directory, and vice versa. AD is an amalgam of 
protocols of which LDAP is a piece. There is also Kerberos and some 
other stuff wrapped up in there. You can use an Active Directory server 
as an LDAP store and authenticate against it that way. A Windows client 
will not authenticate seamlessly against an LDAP server without some 
other client software being involved. If you need AD, your best bet 
will be to use Windows as the authentication server and configure your 
Linux boxen to authenticate against that using LDAP or Kerberos. Here's 
an article I found on seting up Linux to authenticate against an AD 
server, might help: 
http://enterprise.linux.com/article.pl?sid=04/12/09/2318244&tid=102&tid=101&tid=100

Josh