ldap gina

Kervin Pierre kpierre at fit.edu
Thu Mar 7 14:13:11 GMT 2002


Hi,

I'm very interested in this.  Do you have the code somewhere?

I've been trying to get something related working here for a while now.
My issue is to keep an OpenLDAP directory's user passwords and Win2k
passwords in sync, and in both directions.  I had ruled out gina but 
password filters,

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/pswd_portal_9tph.asp

would allow the synchronization unintrusively.

--Kervin



Osama Dengler wrote:
> Hello David,
> 
> the project consists of two parts: 1.) a GINA that handles all user
> input and 2.) LdapLsaAp, a Windows NT authentication package
> that authenticates the user against an LDAP directory and creates
> a primary security token. I'm working on this authentication package
> at the moment. First I thought about retrieving the user's information
> from the LDAP which worked fine but had the disadvantage that all
> other WinNT subsystems retrieve their information from the SAM.
> This could lead to confusing situations (e.g. granting access to a
> file for a particular user but that user account doesn't exist in the
> LDAP dir). Therefore I'm rewriting the authentication package to also
> gather all information - except the user's password - from the SAM.
> 
> In the meantime I'm tending back towards the first solution for
> various reasons (mainly because it's a pain to get all information
> required for a primary token without all the undocumented SAM
> calls). The best setup might be a samba server as PDC using
> LDAP for the SAM information together with LdapLsaAp accessing
> the same SAM data.
> 
> I'd be happy to have more people contributing and discussing this, 
> especially as I'm currently having pretty little time for the project due
> to the normal work overload.
> 
> As more and more people are asking for the source I'm planning to
> put them on a web page for download. Please give me a few more days
> (probably during the weekend) and I'll post the URL. If You need the
> code earlier I can send You a zip file.
> 
> What are You planning to use the software for?
> 
> So far,
> Osama
> 
> 
>>I read on a samba mailing list you were working on a gina that
>>authenticated to ldap.  I would be interested in finding more about that.
>>Does the code actually create a local user?  or does it get the SID from
>>the ldap?
>>Send me the code if that is possible.
>>Thanks
>>--David Dougall
>>
> 
> 
> 
> ---
> Osama Dengler
> http://www.jazz-on-the-rocks.de/
> 
> 



-- 
http://linuxquestions.org/ - Ask linux questions, give linux help.




