[Maintain] Have Maintain authenticate against an AD Forest?
Dawn Keenan
dkeenan at mailservices.uwaterloo.ca
Tue Dec 18 15:39:39 UTC 2007
Nielson, Adam wrote:
> Can you set up Maintain to authenticate against LDAP/an AD forest? We have a few administrators that need access, and am wanting to know if its feasible to leverage LDAP to authenticate instead of having to have usernames/passwords to log in every time?
There is an auth_ldap module in Maintain 3.x. Getting the configuration
right to authenticate to Active Directory is similar to using LDAP
authentication to AD under Apache 2.
The binddn and bindpw configuration strings need to be set up for a
generic "bind for Unix authentication" account since it seems anonymous
binds are forbidden in Microsoft-land. Other values to check carefully
are basedn (the dc=... set), userdn (typically something like ou=Users),
and useroc (sAMAccountName). There is a debug flag in the module config
that can help you figure out the setup for your site.
--
Dawn Keenan
Network Services, IST
University of Waterloo
More information about the maintain
mailing list