In iPlanet LDAP, there is an identity mapping that needs to be set up to map the user's identity on the LDAP side.
I don't know about OpenLDAP, though.

paul b wrote:

> Hello,
> I am currently trying to set up an LDAP-Kerberos environment and I have
> some problems understanding how LDAP finds the correct user in the
> directory once a person has presented its ticket to the LDAP server.
> In fact, the goal is that the user authenticates to Kerberos and if
> the login went well, he gets his context (home directory, shell, ...)
> from the LDAP directory:
>
> If I understood LDAP-Kerberos well, the user gets a service ticket for
> the LDAP server and when he presents this ticket to the LDAP server,
> the name contained in the service ticket will be mapped to a field in
> the LDAP directory. Can someone tell me how the LDAP server finds the
> right entry when the user presents the ticket? On some sites, I read
> that I have to enter a "krbName" entry for each user in the LDAP and
> that the LDAP server searches the "krbName" in the LDAP directory
> corresponding to the name contained in the ticket.
> Is this true, do I have to add a krbName for each of the users or is there
> an easier way?
>
> On the client side, does PAM-LDAP do all the work for me or do I have to add
> additional PAM modules? (Of course, I use pam_krb for the Kerberos
> authentication.)
>
> Thanx in advance
> CB

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
