
Re: newbie question - LDAP and Active Directory



Wow, thanks for all of this great information!

The SSH option won't work for me. The people I'm
creating this tool for don't want administrators to
have to install/configure too much stuff ahead of time
on their domain controllers.

Kerberos sounds like just the ticket (no pun
intended).
Has anyone ever tried this with Win2k DCs before
though? I heard that Microsoft Kerberos is not 100%
compatible with the standard that open source software
uses (e.g. MIT Kerberos).

What Kerberos client would you recommend, and do you
know how to integrate it with OpenLDAP? Is it just a
compile option?

Cheers,
Dave

--- "Mark H. Wood" <mwood@IUPUI.Edu> wrote:
> ldapsearch will use your Kerberos tickets if you
> have them.  You'd need to
> have Kerberos clients installed on the system
> hosting your LDAP tools, and
> have it configured to know where the KDCs are for
> your ADS realm.  Then
> 'kinit user@REALM' will get you a TGT from one of
> the ADS DCs.  After
> that, the OpenLDAP tools should negotiate the
> necessary service ticket
> and present it to the LDAP service with no further
> need for passwords.
> 
> Don't forget to kdestroy the ticket cache when
> you're done.
> 
> -- 
> Mark H. Wood, Lead System Programmer  
> mwood@IUPUI.Edu
> MS Windows *is* user-friendly, but only for certain
> values of "user".
> 


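The sequence described in the quoted reply (kinit, a Kerberos-authenticated ldapsearch, then kdestroy), as an added example that is not part of the original thread. It assumes Kerberos client tools and OpenLDAP tools built with SASL/GSSAPI support; the function name `ad_ldapsearch` and the principal, host and base DN shown in comments are hypothetical placeholders.

```shell
# Added example (not from the thread): one GSSAPI-authenticated ldapsearch
# against an AD domain controller, using a private ticket cache that is
# destroyed afterwards. ad_ldapsearch is a hypothetical helper name.
ad_ldapsearch() {
    principal=$1   # placeholder, e.g. user@EXAMPLE.COM
    ldap_uri=$2    # placeholder, e.g. ldap://dc1.example.com
    base_dn=$3     # placeholder, e.g. dc=example,dc=com
    filter=$4      # e.g. (sAMAccountName=dave)

    # Private cache file (mktemp creates it mode 0600), so the tickets are
    # not mixed into the user's default cache.
    cache_file=$(mktemp "${TMPDIR:-/tmp}/krb5cc_adq.XXXXXX") || return 1

    (
        KRB5CCNAME="FILE:$cache_file"
        export KRB5CCNAME

        # Destroy the TGT and service ticket when the subshell exits,
        # whether the search succeeded or failed.
        trap 'kdestroy >/dev/null 2>&1; rm -f "$cache_file"' EXIT

        # Get a TGT from a KDC of the realm (prompts for the password).
        kinit "$principal" || exit 1

        # -Y GSSAPI selects the SASL mechanism; the tools request the
        # LDAP service ticket themselves. -Q quiets SASL chatter, -LLL
        # prints plain LDIF.
        ldapsearch -Y GSSAPI -Q -LLL -H "$ldap_uri" -b "$base_dn" "$filter"
    )
}
```

The host running this still needs its Kerberos configuration to know where the KDCs for the AD realm are, as the reply says.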