ldap_integration

Differences

This shows you the differences between two versions of the page.

ldap_integration [2009/08/18 09:37] alanldap_integration [2009/08/18 09:40] alan
Line 4: Line 4:
  
 ILRI's Active Directory servers are configure to [[http://support.microsoft.com/kb/326690|disallow anonymous binds]] (you have to authenticate in order to query), so we need to use a semi-privileged account in order to run queries.  Robert Okal has given me an account to perform queries. ILRI's Active Directory servers are configure to [[http://support.microsoft.com/kb/326690|disallow anonymous binds]] (you have to authenticate in order to query), so we need to use a semi-privileged account in order to run queries.  Robert Okal has given me an account to perform queries.
- 
-This was working once, using a //slightly// customized PAM module.  In order to use the module several steps are needed.  Download the module source and compile it as shown below: 
-  * Compile the code:  ''gcc -fPIC  -c pam_cgiar_ldap.c'' 
-  * Link the code:  ''ld -x --shared -o pam_cgiar_ldap.so –lldap pam_cgiar_ldap.o'' 
  
 The Active Directory server must not only be a domain controller, but must be running the [[http://technet.microsoft.com/en-us/library/cc978012.aspx|global catalog service]] (port 3268) in order for our LDAP queries to work properly.  ILRI Kenya's Active Directory servers are: The Active Directory server must not only be a domain controller, but must be running the [[http://technet.microsoft.com/en-us/library/cc978012.aspx|global catalog service]] (port 3268) in order for our LDAP queries to work properly.  ILRI Kenya's Active Directory servers are:
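Review bot: the unchanged context line at Line 4 reads "are configure to"; since this section is being reorganised anyway, fix it to "are configured to" in the same revision. The same line says queries run under a semi-privileged account, but nothing in the visible text says where that account's bind credentials are kept once the PAM instructions move below the server list; a short pointer would help whoever maintains this next.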
Line 13: Line 9:
   * 172.26.0.219   * 172.26.0.219
   * 172.26.0.220 <- running a global catalog server (port 3268)   * 172.26.0.220 <- running a global catalog server (port 3268)
 +
 +This was working once, using a //slightly// customized PAM module.  In order to use the module several steps are needed.  Download the module source and edit the code to point to the correct server, then compile it as shown below:
 +  * Compile the code:  ''gcc -fPIC  -c pam_cgiar_ldap.c''
 +  * Link the code:  ''ld -x --shared -o pam_cgiar_ldap.so –lldap pam_cgiar_ldap.o''
  
 **pam_cgiar_ldap.c**: **pam_cgiar_ldap.c**:
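Review bot: the added "Link the code" line carries "–lldap" typed with an en dash instead of an ASCII hyphen, so when the command is pasted into a shell ld takes it as an input file name rather than the -l option and the link fails; change it to "-lldap". The new wording "edit the code to point to the correct server" also leaves the reader to guess which server and port are meant; the list just above marks 172.26.0.220 as the one running the global catalog on port 3268, so name that host and port in this sentence.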
ldap_integration.txt · Last modified: 2012/02/06 08:43 by aorth