You can use SSL to encrypt an LDAP conversation just like HTTP. This increases security, but it is not a substitute for authentication. You can also write your own SSPI, if you know how to, that could handle authentication for you, but that is only half of the problem.
"Byrne, Steve" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
12/17/2002 02:29 PM
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX
Thanks, I will look into a commercial product as I think it will save me time in the long run. A lot of people I have spoken to are under the impression that AD LDAP can be used as an authentication protocol. I see now this is not true; however, I did read somewhere that LDAP v3 can support some type of encryption to allow secure transfer of sensitive data. Is this true?
-----Original Message-----
From: Márcio Schneider [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 18 December 2002 2:24 a.m.
To: [EMAIL PROTECTED]
Subject: RES: [ActiveDir] AD and LDAP and single sign on for UNIX
Both roads. You can do the auth via Kerberos, and retrieve user and group info from AD. It works, I tested here. See www.padl.com for more info.
Regards,
Márcio Schneider
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Byrne, Steve
Sent: Tuesday, December 17, 2002 01:38
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX
Should I go down the Kerberos road or the LDAP road... What do others prefer to do?
-----Original Message-----
From: Larry A. Duncan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 17 December 2002 4:19 p.m.
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX
It's slow to load, but this PDF has some good information about using LDAP as the singular provider.
http://www.dayioglu.net/presentations/ldap-auth.pdf
Larry A. Duncan, MCSA/MCSE
Solutions Architect, CompTrends Consulting
[EMAIL PROTECTED]
http://www.comptrends.com/
ph. 615.598.0241
DMOZ: Systems_Management/Installers
LAUNCHCast Radio: 1237556939
Columnist: myITForum.com
Author: Windows & .NET Magazine
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Byrne, Steve
Sent: Monday, December 16, 2002 8:51 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] AD and LDAP and single sign on for UNIX
Is it possible to get our users to authenticate to our UNIX boxes using their AD account? I was hoping I could use LDAP
