[Date Prev][Date Next]
Re: Passthrough Authentication? (fwd)
If your PDC is Win2k, I think you can use sasl+kerberos ( I've never
actually done it ), no external packages needed.
If you want to keep your credential information in OpenLDAP but just
want to synchronize accounts and passwords to windows, you can try
OpenLDAP replica+backperl on the windows PDC and a perlModule. This
method would work with WinNT as well.
Here's an windows bind method for backperl that uses ADSI.
my $debug = 3;
# 'this' pointer, ala C++
# OO perl is all the rage.
my $this = shift;
# dn trying to bind as
my $dn = shift;
# password supplied with this dn
my $pass = shift;
# expects first attribute in dn to be principle name
# removes first attribute
my $rest = (split('=',$dn,2));
# splint the rest of the dn into 2 parts
my ($uid, $ou) = (split(',',$rest,2));
# LDAP URL of the domain
my $ou = "LDAP://".$ou;
print ">>>>>>>pass = '$pass'\nou = '$ou'\nuid = '$uid'\n" if( $debug > 2 );
# Specify that we're using LDAP
my $objNameSpace = Win32::OLE->GetObject ('LDAP:');
if( ! defined $objNameSpace )
print "ERROR: Could not creat LDAP object\n" if( $debug > 0 );
# Try to bind as the user
my $objObjSec = $objNameSpace->OpenDSObject($ou, $uid, $pass, 1);
# Find out if we were successful
my $retval = Win32::OLE->LastError();
# If we weren't those variables may not be defined.
# If they are, close them.
$objObjSec->Close if( defined $objObjSec );
$objNameSpace->Close if( defined $objNameSpace );
# Return 0 for success, 1 for failure.
$retval = 1 if $retval;
Paul Reilly wrote:
Looks like this didn't make it through to the openldap-software
list. Does anyone know if anything like this exists?
---------- Forwarded message ----------
Date: Thu, 27 Jun 2002 19:33:30 +0100 (IST)
From: Paul Reilly <firstname.lastname@example.org>
Are there any packages for OpenLDAP which provide passthrough
authentication for bind operations to a windows PDC? I'm looking
for something along the lines of this for OpenLDAP:
But apparantly this only works with iPlanet.