ldap gina

Osama Dengler osama at denglernet.de
Wed Mar 6 00:28:09 GMT 2002

Hello David,

the project consists of two parts: 1.) a GINA that handles all user
input and 2.) LdapLsaAp, a windows NT authentication package
that authenticates the user against a LDAP directory and creates
a primary security token. I'm working on this authentication package
at the moment. First I thought about retrieving the user's information
from the LDAP which worked fine but had the disadvantage that all
other WinNT subsystems retrieve their information from the SAM.
This could lead to confusing situations (e.g. granting access to a
file for a particular user but that user account doesn't exist in the
LDAP dir). Therefore I'm rewriting the authentication package to also
gather all information - except the user's password - from the SAM.

In the meantime I'm tending back towards the first solution for
various reasons (mainly because it's a pain to get all information
required for a primary token without all the undocumented SAM
calls). The best setup might be a samba server as PDC using
LDAP for the SAM information together with LdapLsaAp accessing
the same SAM data.

I'd be happy to have more people contributing and discussing this, 
especially as I'm currently having pretty few time for the project due
to the normal work overload.

As more and more people are asking for the source I'm planning to
put them on a web page for download. Please give me a few more days
(probably during the weekend) and I'll post the URL. If You need the
code earlier I can send You a zip file.

What are You planning to use the software for?

So far,

> I read on a samba mailing list you were working on a gina that
> authenticated to ldap.  I would be interested in finding more about that.
> Does the code actually create a local user?  or does it get the SID from
> the ldap?
> Send me the code if that is possible.
> Thanks
> --David Dougall

Osama Dengler

More information about the samba-technical mailing list