ldap gina
Kervin Pierre
kpierre at fit.edu
Thu Mar 7 14:13:11 GMT 2002
Hi,
I'm very interested in this. Do you have the code somewhere?
I've been trying to get something related working here for a while now.
My issue is to keep an OpenLDAP directory's user passwords and Win2k
passwords in sync, and in both directions. I had ruled out gina but
password filters,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/pswd_portal_9tph.asp
would allow the synchronization unintrusively.
--Kervin
Osama Dengler wrote:
> Hello David,
>
> the project consists of two parts: 1.) a GINA that handles all user
> input and 2.) LdapLsaAp, a Windows NT authentication package
> that authenticates the user against an LDAP directory and creates
> a primary security token. I'm working on this authentication package
> at the moment. First I thought about retrieving the user's information
> from the LDAP which worked fine but had the disadvantage that all
> other WinNT subsystems retrieve their information from the SAM.
> This could lead to confusing situations (e.g. granting access to a
> file for a particular user but that user account doesn't exist in the
> LDAP dir). Therefore I'm rewriting the authentication package to also
> gather all information - except the user's password - from the SAM.
>
> In the meantime I'm tending back towards the first solution for
> various reasons (mainly because it's a pain to get all information
> required for a primary token without all the undocumented SAM
> calls). The best setup might be a Samba server as PDC using
> LDAP for the SAM information together with LdapLsaAp accessing
> the same SAM data.
>
> I'd be happy to have more people contributing and discussing this,
> especially as I currently have pretty little time for the project due
> to the normal work overload.
>
> As more and more people are asking for the source I'm planning to
> put them on a web page for download. Please give me a few more days
> (probably during the weekend) and I'll post the URL. If you need the
> code earlier I can send you a zip file.
>
> What are you planning to use the software for?
>
> So far,
> Osama
>
>
>>I read on a samba mailing list you were working on a gina that
>>authenticated to ldap. I would be interested in finding more about that.
>>Does the code actually create a local user? or does it get the SID from
>>the ldap?
>>Send me the code if that is possible.
>>Thanks
>>--David Dougall
>>
> ---
> Osama Dengler
> http://www.jazz-on-the-rocks.de/
--
http://linuxquestions.org/ - Ask linux questions, give linux help.