[wellylug] LDAP info

Daniel Pittman daniel at rimspace.net
Wed Sep 19 22:50:12 NZST 2007 

Cliff Pratt <enkidu at cliffp.com> writes:
> Daniel Pittman wrote:
>> Cliff Pratt <enkidu at cliffp.com> writes:

[...]

>>>> Does LDAP sound like the right type of tool to use in this case?
>> 
>> No, because you want to integrate with Active Directory
>> authentication.
>> 
> Does he yet have AD? From what I read, I'm not sure he has.

Unless he has an incredibly uncommon (and full of third party tools)
configuration then to have LDAP you have AD -- but I take your point.  

If he didn't have AD but did, somehow, have LDAP then he would want a
different answer. :)

[...]

>>> Samba is not after all an *authentication* tool,
>> 
>> Yes, it is.
>> 
>>> but it does provide some authentication (usually to authenticate
>>> Winders users to Unix resources).
>> 
>> No, it provides the SMB authentication layer against whatever
>> back-end you care to configure.  This can be an internal database
>> derived from the Unix account database or whatever part of a real
>> Windows domain you care to name.
> 
> So, will it (running on A) authenticate a user (X) using a back-end on
> C? And can the credentials that it gathers can be used to allow X to
> access a resource on D?

For some values of A, X, C and D, yes.  It allows, specifically, you to
have the same behavior as a standard Windows, Kerberos, Unix LDAP, NIS
or similar "domain" system -- one account pool, a set of master servers,
distributed and transitive trust, etc, etc.

In this specific case it does it by integrating with the LDAP, Kerberos
and other features of Active Directory to participate in a Windows
domain.[1]

(Also of note: it allows you to authenticate anything that talks PAM
 against that Active Directory / Kerberos infrastructure, as well as
 providing NSS support to the same LDAP source.)

Regards,
        Daniel

Footnotes: 
[1]  It can't yet be a master server in such a domain.

-- 
Daniel Pittman <daniel at cybersource.com.au>           Phone: 03 9621 2377
Level 4, 10 Queen St, Melbourne             Web: http://www.cyber.com.au
Cybersource: Australia's Leading Linux and Open Source Solutions Company

More information about the wellylug mailing list