[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heimdal to LDAP integration

To: heimdal-discuss@sics.se
Subject: Heimdal to LDAP integration
From: "Thomas Sant Ana" <mailleux@gmail.com>
Date: Mon, 4 Jun 2007 10:08:31 -0300
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=QbwuHC6kYgMVqMy8Z/7GugUILSb6wibrCKdeyxbU4zpXhdoJt1fz+vpA4d24Idyy9YhnUnzwncVvRdicthGzXGf8ewucHH5BqGWosaej0rLuLSF5FLKQzTIWRHOo1bOVYxjQW8d90dph1ud6e1SQOZGaZE5TjS8Il+l8sCBvKsU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=eRTX9rYqg00FTehE0eIUnUBctLvMc3Tw4EI9a+kdNshK5iL0pedIAM8ed7aPdTKuTkB+SeWHwWmvZjJyyFQhmh2P37Aj9TpV1F20EIzckg7Yz3qjm9U2P7i+zj/VW6oLOd8t9sO1L8fU1u6FRXWnD7PzpyG+7ZFc78/jBSk+XdU=
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, "Thomas Sant Ana" <mailleux@gmail.com>

People,

I have the following scenario:

1) I have a corporate LDAP to which I can bind, but cannot change at all.
2) I have a 100 unix/linux machines that are associated to projects

I would like to have a way to authenicate all my machines using the password on the corporate directory, but I can't touch it. What I was thinking in doing was:

1) Setup Heimdal Kerberos to authenticate users on my machines
2) Associate a Kerberos Principal to a LDAP DN
3) When an authentication is required on Kerberos, it will map to a DN and attempt a bind.

I've seen several howtos, describing how to link Kerberos and LDAP, but all assume I can shape the LDAP as needed. This IS NOT my case, I can't touch the LDAP.

Is there a way to do this (we may code in C for this)?
What is the best way to solve this?

Thanks in advance,

Thomas Santana

Follow-Ups:
- Re: Heimdal to LDAP integration
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Heimdal to LDAP integration
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: No Subject
Next by Date: Re: Heimdal to LDAP integration
Prev by thread: No Subject
Next by thread: Re: Heimdal to LDAP integration
Index(es):
- Date
- Thread