Re: newbie question - LDAP and Active Directory
On Thu, May 09, 2002 at 05:10:18PM -0500, Mark H. Wood wrote:
> ldapsearch will use your Kerberos tickets if you have them. You'd need to
> have Kerberos clients installed on the system hosting your LDAP tools, and
> have it configured to know where the KDCs are for your ADS realm. Then
> 'kinit user@REALM' will get you a TGT from one of the ADS DCs. After
> that, the OpenLDAP tools should negotiate the necessary service ticket
> and present it to the LDAP service with no further need for passwords.
I tried this once, but it didn't work right "out of the box" and I let it
go. ldapsearch was asking the w2k kdc for a ldap/hostname ticket, which
the w2k machine didn't have. I assumed it was due to that authorization
field that MS implemented and I didn't investigate it further.
Are you saying that this actually works?