[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: newbie question - LDAP and Active Directory

Em Thu, May 09, 2002 at 05:10:18PM -0500, Mark H. Wood escreveu:
> ldapsearch will use your Kerberos tickets if you have them.  You'd need to
> have Kerberos clients installed on the system hosting your LDAP tools, and
> have it configured to know where the KDCs are for your ADS realm.  Then
> 'kinit user@REALM' will get you a TGT from one of the ADS DCs.  After
> that, the OpenLDAP tools should negotiate the necessary service ticket
> and present it to the LDAP service with no further need for passwords.

I tried this once, but it didn't work right "out of the box" and I let it
go. ldapsearch was asking the w2k kdc for a ldap/hostname ticket, which
the w2k machine didn't have. I assumed it was due to that authorization
field that MS implemented and I didn't investigate it further.

Are you saying that this actually works?