Welcome to the Linux Foundation Forum!
how to authenticate domain users to openldap
I think this question has been asked by many people but I still can't seem to find the answer for it. I would like to have my Windows Active Directory users, either logon to the domain using desktop or Termainal server, to authenticate to an Openldap server so that they can access resource on the linux machines. I tried Microsoft's Service for Unix but it only support NIS or password file synchronization.
Thanks
0
Comments
Thanks
just my $0.02
For example, where I work, we use AD for user authentication. The AD stuff is accessible via MANY protocols, I have Kerberose, LDAP, Cisco TACACS+, RADIUS, PEAP, EAP-TLS, etc, but they all back end on the same database of users in Active directory. That's SSO.
The only other thing you can do, that I can think of, is that if the resources in question are accessible via the WEB, you can try to implement Security Assertion Markup Language (SAML), but that scares the heck out of me. You could also, with some hacking try to make that work with PAM. To best of my knowledge there is no current SAML plugin for PAM, but I had been toying with the idea of writing one (as much as SAML scares me).
Configuration¶
First enable the
LDAP user and group backend
app on the Apps page in ownCloud. Then go to your Admin page to configure it.The LDAP configuration panel has four tabs. A correctly completed first tab (“Server”) is mandatory to access the other tabs. A green indicator lights when the configuration is correct. Hover your cursor over the fields to see some pop-up tooltips.
Server Tab¶
Start with the Server tab. You may configure multiple servers if you have them. At a minimum you must supply the LDAP server’s hostname. If your server requires authentication, enter your credentials on this tab. ownCloud will then attempt to auto-detect the server’s port and base DN. The base Dynamic DNS and port are mandatory, so if ownCloud cannot detect them you must enter them manually.