ldap_integration
Differences
This shows you the differences between two versions of the page.
ldap_integration [2009/08/18 09:37] – alan | ldap_integration [2009/08/20 09:27] – 172.26.0.166 | ||
---|---|---|---|
Line 1: | Line 1: | ||
===== LDAP Integration ===== | ===== LDAP Integration ===== | ||
- | ILRI uses an Active Directory server for user authentication, | + | ILRI uses an Active Directory server for user authentication, |
- | ILRI's Active Directory servers are configure to [[http:// | + | ===== Notes ===== |
- | This was working once, using a //slightly// customized PAM module. In order to use the module several steps are needed. | + | ==== Using '' |
- | * Compile | + | Try to search from a Linux machine which can talk to the AD server (HPC is behind firewall): |
- | * Link the code: ' | + | < |
+ | Enter LDAP Password: | ||
+ | ldap_bind: Invalid credentials (49) | ||
+ | additional info: 80090308: LdapErr: DSID-0C090334, | ||
+ | According | ||
+ | < | ||
+ | DEC: 1317 – ERROR_NO_SUCH_USER (The specified account does not exist.) | ||
+ | NOTE: Returns when username is invalid.</ | ||
+ | ==== binddn ==== | ||
+ | A note of possible interest regarding binding on Linux (from the [[http:// | ||
+ | < | ||
+ | only accept binds on that port. You cannot bind as a user on port 389. I | ||
+ | don't think they support TLS on port 389, but I have no tried in a long | ||
+ | time.</ | ||
+ | ==== Domain controller vs. Global catalog ==== | ||
+ | < | ||
- | The Active Directory server must not only be a domain controller, but must be running the [[http://technet.microsoft.com/ | + | ===== pam_cgiar_ldap.c ===== |
- | * 172.26.0.218 <- running a global catalog server (port 3268) | + | Someone hacked up a PAM module several years ago which could be dropped into a Linux server and allow AD authentication with minimal configuration. |
- | * 172.26.0.219 | + | <note warning> |
- | * 172.26.0.220 <- running a global catalog server (port 3268) | + | |
+ | This was working once, using a // | ||
+ | * Compile the code: '' | ||
+ | * Link the code: '' | ||
**pam_cgiar_ldap.c**: | **pam_cgiar_ldap.c**: |
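Review bot: In the added "binddn" section, the quoted mailing-list text is itself unsure ("I don't think they support TLS on port 389, but I have no tried in a long time"), and the page presents it without saying whether it was checked against the ILRI servers. Suggest adding a line under the quote that records which port and transport the failing bind in the section above used. That would let a reader tell whether the "Invalid credentials (49)" result comes from the port restriction the quote describes or from the bind DN, since the explanation cited there points at ERROR_NO_SUCH_USER ("Returns when username is invalid").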
ldap_integration.txt · Last modified: 2012/02/06 08:43 by aorth