
Re: newbie question - LDAP and Active Directory



On Thu, May 09, 2002 at 05:10:18PM -0500, Mark H. Wood wrote:
> ldapsearch will use your Kerberos tickets if you have them.  You'd need to
> have Kerberos clients installed on the system hosting your LDAP tools, and
> have it configured to know where the KDCs are for your ADS realm.  Then
> 'kinit user@REALM' will get you a TGT from one of the ADS DCs.  After
> that, the OpenLDAP tools should negotiate the necessary service ticket
> and present it to the LDAP service with no further need for passwords.

I tried this once, but it didn't work right "out of the box" and I let it
go. ldapsearch was asking the w2k kdc for an ldap/hostname ticket, which
the w2k machine didn't have. I assumed it was due to that authorization
field that MS implemented and I didn't investigate it further.

Are you saying that this actually works?
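
An added example, not part of the original message: a small shell check that reads MIT-style `klist` output and reports whether the credential cache holds only the TGT or also the ldap/hostname service ticket discussed above. The host `dc1.example.com`, the realm `EXAMPLE.COM`, the function names and the sample `klist` output are all constructed for illustration.

```shell
# Added example: classify klist output after 'kinit user@REALM' and an ldapsearch attempt.
# Print the "Service principal" column; "renew until" lines have fewer fields and are skipped.
service_principals() {
    awk 'seen && NF >= 5 { print $5 } /Service principal/ { seen = 1 }'
}

# check_ldap_ticket HOST REALM   (klist output on stdin)
# Prints one of: no-tgt, tgt-only, ldap-ticket
check_ldap_ticket() {
    host=$1; realm=$2
    princs=$(service_principals)
    if ! printf '%s\n' "$princs" | grep -qxF "krbtgt/$realm@$realm"; then
        echo no-tgt          # kinit has not succeeded for this realm
    elif printf '%s\n' "$princs" | grep -qxF "ldap/$host@$realm"; then
        echo ldap-ticket     # the KDC issued the LDAP service ticket
    else
        echo tgt-only        # TGT present, but no ldap/HOST ticket was obtained
    fi
}

# Constructed sample: cache contents when only the TGT was obtained.
sample_tgt_only() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
05/09/02 17:10:18  05/10/02 03:10:18  krbtgt/EXAMPLE.COM@EXAMPLE.COM
EOF
}

# Constructed sample: cache contents after a successful service-ticket request.
sample_with_ldap() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
05/09/02 17:10:18  05/10/02 03:10:18  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 05/16/02 17:10:18
05/09/02 17:11:02  05/10/02 03:10:18  ldap/dc1.example.com@EXAMPLE.COM
EOF
}

sample_tgt_only  | check_ldap_ticket dc1.example.com EXAMPLE.COM
sample_with_ldap | check_ldap_ticket dc1.example.com EXAMPLE.COM
```

Against a live cache the same function would be fed from `klist` directly; the exact-match comparison assumes the host name is written the same way the KDC returned it.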