Hi Alzhy,
When I last looked into this (about 2 years ago now), I had a tailored ldapclientd.conf to connect to the AD, unfortunately, not using SSL (that was a next step).
My AD already had the MS SFU 3.5 extensions installed to support the HP LDAP-UX product set, as well as accounts and groups configured to support this. I was able to perform queries against the AD for users and find general auth details. (e.g. ls -al showed proper info out of the AD for non-local users).
There was no (HP) pam_authz style module available at the time for Linux, which was a bit of a showstopper for me, so I was looking at other similar methods at the time. I would suspect this has changed since then.
For Kerberos integration, it's no different that the process used for HP-UX. Create up your keys, export them per host, import them on the Linux host, yay.. The krb5.conf file was almost identical between Linux and HP-UX other than minor service differences, since they both come from MiT.
The automounter (autofs) under Linux is far more versatile that HP-UX, so it worked the same or better as well.
My primary difficulties were with respect to getting SSL connectivity working, a pam_authz replacement, and that I didn't like the AD authentication method that openldap was using at the time (clear-text password in the config file).
Don
