[Discuss] AD/LDAP authentication

[darose at darose.net (David Rosenstrauch)]

On 2017-12-13 3:20 pm, Richard Pieri wrote:
> On a completely different topic from document conversion...
> 
> My employer has two Active Directory domains. I need to set up some
> Linux servers (RHEL, SUSE and Ubuntu) to use both domains for user
> authentication. Users get accounts on one or the other, never both. 
> This
> is a mandate from Legal so the easy answer is off the table.
> 
> SSSD and Winbind work for binding to one domain or the other but I 
> can't
> bind to both at the same time (Red Hat promised this in RHEL 7 but have
> yet to deliver). So I figure I can use AD for one domain and LDAP bind
> authentication for the other, or LDAP binds to each domain, but I can't
> either working.
> 
> Yes, I'm doing something wrong. No, I don't know what. And, my 
> Google-Fu
> is only finding single AD or LDAP auth server configurations. Has 
> anyone
> here done anything like this before? Have any references you can point
> me at?
> 
> Thanks.


This might be a pointer in the right direction, or might be a wild goose 
chase.  (And apologies if the latter.)

I did a project a few employers ago to add single-signon capabilities to 
their product, via integration with Active Directory.  It's been a bunch 
of years since the project, so I don't remember a lot.  But IIRC the way 
we did it was to use libcurl in conjunction with GSSAPI (which, IIRC, is 
not compiled into libcurl by default) in order to do the integration.  I 
eventually did get it to work, and the product successfully did SSO 
using the AD system.

Again, not 100% sure if this is the info you're looking for.  If so, and 
if you have additional questions, feel free to respond back on or 
off-list and I can refer back to my notes for more details.

HTH,

DR