ldap_integration
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
ldap_integration [2009/08/21 06:39] – 172.26.0.166 | ldap_integration [2012/02/06 08:43] (current) – [Apache Authentication] aorth | ||
---|---|---|---|
Line 2: | Line 2: | ||
ILRI uses an Active Directory server for user authentication, | ILRI uses an Active Directory server for user authentication, | ||
+ | |||
+ | ===== Implementation ===== | ||
+ | |||
+ | Active Directory integration will work if we use Likewise-Open. | ||
+ | * HPC must have the correct time (AD authenticates via Kerberos, which is heavily sensitive to time) | ||
+ | * HPC must be able to access AD on several TCP ports (kerberos, LDAP, etc) | ||
===== Notes ===== | ===== Notes ===== | ||
+ | ===== Apache Authentication ===== | ||
+ | It's possible to use Basic authentication via Active Directory in web applications. | ||
+ | |||
+ | Make sure Apache has '' | ||
+ | < | ||
+ | # a2enmod perl | ||
+ | # apache2ctl graceful</ | ||
+ | |||
+ | Install the required perl dependencies for Apache and LDAP: | ||
+ | < | ||
+ | |||
+ | Install the required AD Auth package and any dependencies it has using CPAN: | ||
+ | < | ||
+ | > install Apache2:: | ||
+ | |||
+ | Then add a stanza such as this to your Apache config: | ||
+ | < | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | # | ||
+ | | ||
+ | |||
+ | That stanza can go in a VirtualHost, | ||
+ | |||
+ | ==== Likewise-Open ==== | ||
+ | Open source standalone implementation of Samba, OpenLDAP, Kerberos, etc for Active Directory integration: | ||
+ | |||
+ | * open ports in Firewall (Active Directory, NTP, Kerberos) | ||
+ | * make sure time is in sync with the server! | ||
+ | * Likewise-Open has their own CIFS server but can also work with existing Samba installs I think | ||
==== Using ldapsearch on Linux ==== | ==== Using ldapsearch on Linux ==== |
ldap_integration.txt · Last modified: 2012/02/06 08:43 by aorth