
how to authenticate domain users to openldap

Link to this post 25 Feb 10

It's not my decision to have 2 directories; it is just that we have two groups of users, Linux and Windows, and they need their directory server, and they are managed by different groups of admins. The idea is that we are looking for an SSO solution (at least from the Windows perspective). I looked at Likewise as well, but that uses AD as the directory source, which doesn't work in our situation.

Link to this post 25 Feb 10

Having 2 directories is in fact contradictory to SSO. You either have SSO and everyone's accounts live in a single location, or you have multiple user repositories and take on the administrative nightmare.

For example, where I work, we use AD for user authentication. The AD stuff is accessible via MANY protocols: I have Kerberos, LDAP, Cisco TACACS+, RADIUS, PEAP, EAP-TLS, etc., but they all back end on the same database of users in Active Directory. That's SSO.

The only other thing you can do, that I can think of, is that if the resources in question are accessible via the web, you can try to implement Security Assertion Markup Language (SAML), but that scares the heck out of me. You could also, with some hacking, try to make that work with PAM. To the best of my knowledge there is no current SAML plugin for PAM, but I had been toying with the idea of writing one (as much as SAML scares me).
