[Discuss] AD/LDAP authentication
David Rosenstrauch
darose at darose.net
Wed Dec 13 15:35:10 EST 2017
On 2017-12-13 3:20 pm, Richard Pieri wrote:
> On a completely different topic from document conversion...
>
> My employer has two Active Directory domains. I need to set up some
> Linux servers (RHEL, SUSE and Ubuntu) to use both domains for user
> authentication. Users get accounts on one or the other, never both.
> This
> is a mandate from Legal so the easy answer is off the table.
>
> SSSD and Winbind work for binding to one domain or the other but I
> can't
> bind to both at the same time (Red Hat promised this in RHEL 7 but have
> yet to deliver). So I figure I can use AD for one domain and LDAP bind
> authentication for the other, or LDAP binds to each domain, but I can't
> either working.
>
> Yes, I'm doing something wrong. No, I don't know what. And, my
> Google-Fu
> is only finding single AD or LDAP auth server configurations. Has
> anyone
> here done anything like this before? Have any references you can point
> me at?
>
> Thanks.
This might be a pointer in the right direction, or might be a wild goose
chase. (And apologies if the latter.)
I did a project a few employers ago to add single-signon capabilities to
their product, via integration with Active Directory. It's been a bunch
of years since the project, so I don't remember a lot. But IIRC the way
we did it was to use libcurl in conjunction with GSSAPI (which, IIRC, is
not compiled into libcurl by default) in order to do the integration. I
eventually did get it to work, and the product successfully did SSO
using the AD system.
Again, not 100% sure if this is the info you're looking for. If so, and
if you have additional questions, feel free to respond back on or
off-list and I can refer back to my notes for more details.
HTH,
DR
More information about the Discuss
mailing list