Re: Active Directory bind to 3rd party LDAP for authentication



Since LDAP is not an authentication protocol, it would be helpful to know
what binding protocol you intend to use. If you can use Kerberos, you
should be successful by setting up a trust between the AD domain and the
external Kerberos realm. After doing that, you need to map user principal
names in the external realm to your AD users. Once that is done, users can
log into desktops using their Kerberos creds from the external realm.

Paul Nelson

in article #1WYUQoUFHA.3112@xxxxxxxxxxxxxxxxxxxx, Joe Kaplan (MVP - ADSI) at
joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx wrote on 5/6/05 4:39 PM:

> You can't do this via LDAP. It might be possible to get AD to authenticate
> to an external Kerberos realm (although I'm not sure if that is actually
> possible either), but you definitely can't make AD authenticate to another
> source via LDAP.
>
> Joe K.
>
> "Jason S" <Jason S@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:F93D141F-D4DE-464D-A110-7D9548F903A4@xxxxxxxxxxxxxxxx
>> I have a standalone Active Directory in a test domain. I would like to be
>> able to have users access services in this domain using credentials that
>> are stored in our corporate directory (3rd party LDAP server). I can add
>> user accounts to the local Active Directory, but I want credential checking
>> (authentications) to be referred to the LDAP server. Is there any way to
>> have Active Directory refer authentications to an LDAP server (by issuing
>> a bind to LDAP)? Or, is there any way that I can program this myself (C#,
>> java, whatever...)?
>>
>> Thanks,
>>
>> Jason
>
>
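
The steps described in the reply at the top of this thread (realm trust, then principal-name mapping), sketched as an added example that is not part of the original posts. The thread names no tools; ksetup, netdom and the ActiveDirectory PowerShell module are used here, and the domain AD.TEST, realm EXAMPLE.REALM, KDC host, trust password and account names are hypothetical placeholders.

```powershell
# Added example; every name below is a hypothetical placeholder.
# Run on a domain controller, as a domain administrator.
Import-Module ActiveDirectory

$AdDomain = 'AD.TEST'             # assumed test AD domain
$Realm    = 'EXAMPLE.REALM'       # assumed external Kerberos realm
$Kdc      = 'kdc.example.realm'   # assumed KDC host of that realm
$TrustPw  = '<TRUST-PASSWORD>'    # placeholder; use a long random secret

# 1. Tell Windows where the external realm's KDC is. Repeat this on each
#    workstation that should accept logons from the realm.
ksetup /addkdc $Realm $Kdc

# 2. Create the realm trust (AD trusts the external realm). The realm side
#    needs the matching cross-realm principal krbtgt/AD.TEST@EXAMPLE.REALM
#    created with the same password.
netdom trust $AdDomain "/Domain:$Realm" /Add /Realm "/PasswordT:$TrustPw"

# 3. Map external principals to AD accounts through altSecurityIdentities.
$Map = @{ 'jsmith' = 'jsmith'; 'alice.doe' = 'adoe' }   # realm principal -> AD account
foreach ($p in $Map.GetEnumerator()) {
    Set-ADUser -Identity $p.Value -Add @{
        altSecurityIdentities = "Kerberos:$($p.Key)@$Realm"
    }
}

# 4. Audit the result: list every Kerberos mapping in the domain and flag
#    any external principal that resolves to more than one AD account.
$mapped = Get-ADUser -LDAPFilter '(altSecurityIdentities=Kerberos:*)' `
                     -Properties altSecurityIdentities
$pairs = foreach ($u in $mapped) {
    foreach ($id in $u.altSecurityIdentities) {
        if ($id -like 'Kerberos:*') {
            [pscustomobject]@{ Principal = $id; Account = $u.SamAccountName }
        }
    }
}
$pairs | Sort-Object Principal | Format-Table -AutoSize

$dupes = $pairs | Group-Object Principal | Where-Object Count -gt 1
if ($dupes) {
    Write-Warning "Mapped to more than one account: $($dupes.Name -join ', ')"
}
```

Anyone who can write `altSecurityIdentities` on an account can grant an external principal logon as that user, so the audit in step 4 is worth running on a schedule and comparing against the intended mapping list.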

