Differences

This shows you the differences between two versions of the page.

--- ldap_integration [2009/08/17 08:44] – aorth
+++ ldap_integration [2009/08/18 09:37] – alan
@@ Line 2: / Line 2: @@
 ILRI uses an Active Directory server for user authentication, which is primarily used for Exchange e-mail services.  Active Directory is Microsoft's version of LDAP with a little special sauce.  Currently users have an Active Directory username and password for their Windows-centric single sign on and e-mail, and then they have a separate account for use with the HPC.  There exists functionality in Linux to look at Active Directory for user authentication.
+ILRI's Active Directory servers are configure to [[http://support.microsoft.com/kb/326690|disallow anonymous binds]] (you have to authenticate in order to query), so we need to use a semi-privileged account in order to run queries.  Robert Okal has given me an account to perform queries.
 This was working once, using a //slightly// customized PAM module.  In order to use the module several steps are needed.  Download the module source and compile it as shown below:
@@ Line 53: / Line 55: @@
   ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
   ldap_set_option( NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeOut);
-  ld = ldap_init("172.26.12.11" , 389 );
+  ld = ldap_init("172.26.0.218" , 389 );
   if (ld==NULL) printf("\nproblems connecting\n");
   int rc;