[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP/Kerberos user management

Umm, sorry about my last message, I intended it to go to the Kerberos
mailing list...

But anyway, thanks for the responses.  We may end up writing a few scripts
for this; the data from the website will be directly loaded into an Oracle
db, so that may be one way to go.  A few leads I received from the kerberos
site also might prove worthwhile.

Thanks again  --  John

-----Original Message-----
From: Al Lilianstrom [mailto:al.lilianstrom@fnal.gov]
Sent: Friday, August 23, 2002 4:47 AM
To: John Green
Cc: Openldap-Software (E-mail)
Subject: Re: LDAP/Kerberos user management

We did something like this. A Oracle application drives a couple of
scripts when a new user is added to a particular database. One script
issues kadmin scripts to add the user to the MIT KDC. The second script
uses the OpenLDAP tools ldapsearch and ldapmodify to add the same user
to Active Directory. Kerberos is used for authentication all around so
there are no passwords going over the network at any time.


John Green wrote:
> Hi, I am trying to find a method for a principal automatically being
> in a Kerberos database while at the same time adding a corresponding entry
> to an LDAP database.  Has anyone heard of or is anyone using something
> this?  I have found some utilities for sale on the web (some might even
> work), just looking for alternatives.  I am trying to automate the
> of username/password/ldap_entry/Kerberos_principal/customer_web_site,
> the customer will be able to accomplish without IT intervention from a
> common web site.
> Thanks for any help or advice  --  John


Al Lilianstrom