best of 2 worlds
Andreas Boeckler
abo at netlands.de
Thu Sep 27 11:10:04 GMT 2001
hi,
Has anyone tried to combine the purpose of the libnss_ldap and libnss_winbind modules?
Instead of talking in Legacy mode to a WIN2K DC, it would be possible to do an LDAP request to it:
kinit <user>
ldapsearch -h <pdc-host> -L -b "DC=DOMAIN,DC=NET" "(objectClass=user)"
returns the user-list
ldapsearch -h <pdc-host> -L -b "DC=DOMAIN,DC=NET" "(objectClass=group)"
returns the groups-list
ldapsearch -h <pdc-host> -L -b "DC=DOMAIN,DC=NET" "(sAMAccountName=<user>)" objectSid
returns the SID of the user or group or whatever ..
I think the only problem is the preauthentication to make the LDAP request,
but that could be solved with this:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
greetings
Andy
--
Andreas Böckler netlands edv consulting GbR
mailto:abo at netlands.de
BOFH excuse #384: It's an ID-10-T error
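
Added example, not part of the original post: objectSid is a binary attribute, so the LDIF that ldapsearch -L prints carries it base64-encoded ("objectSid:: ..."), and a name-service mapping has to decode it before it can use the SID or its RID. The function names, the sample DN and the sample SID below are constructed for illustration.

```python
import base64
import struct

def decode_sid(raw: bytes) -> str:
    """Turn a binary objectSid value into its S-<rev>-<authority>-<subs> string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def encode_sid(sid: str) -> bytes:
    """Inverse of decode_sid; used here only to build the constructed sample."""
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def ldif_attrs(ldif: str) -> dict:
    """Parse one LDIF entry: unfold continuation lines, decode '::' base64 values."""
    attrs = {}
    for line in ldif.replace("\n ", "").splitlines():  # "\n " marks a folded line
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                      # "attr:: <base64>"
            attrs[name] = base64.b64decode(value[1:].strip())
        else:                                          # "attr: <plain text>"
            attrs[name] = value.strip().encode()
    return attrs

def sid_and_rid(ldif: str):
    """Return (SID string, RID); the RID is the last sub-authority of the SID."""
    sid = decode_sid(ldif_attrs(ldif)["objectSid"])
    return sid, int(sid.rsplit("-", 1)[1])

# Constructed sample entry (not real directory data), with the base64 value
# folded across two lines the way LDIF output wraps long values.
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-1105"
_b64 = base64.b64encode(encode_sid(SAMPLE_SID)).decode()
SAMPLE_LDIF = ("dn: CN=Test User,CN=Users,DC=DOMAIN,DC=NET\n"
               "sAMAccountName: testuser\n"
               "objectSid:: " + _b64[:20] + "\n " + _b64[20:] + "\n")
```
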