On 4/14/2013 7:31 AM, [email protected] wrote:
> Our application needs to construct User DN after successful authentication
> for authorization. Currently what application has is user principal name.
>
> User principal name is of format: Username@RealmName And user DN is of the
> form
> cn=<Username>,cn=Users,cn=<DomainName>,cn=com

Unless the LDAP database is used by the KDC, you will have problems.
Are you referring to "DomainName" as in Windows Active Directory?
If so you can do an LDAP query of AD for userPrincipalName BUT if you
are using smartcards issued by outside CAs the userPrincipalName may not
match. (MS overloaded the userPrincipalName definition.)

AD Kerberos will map to an account mapping username@realm to
userPrincipalName or sAMAccountName@domain.

If the application LDAP database is not one of the above, you may need to
add a userPrincipalName attribute to it so you can do the mapping.

>
> As Realm need not be always same as Domain name: How to get this
> <DomainName> using the Realm in the user name?
> Any suggestions to solve this problem would be of help.
>
> Currently we are using MIT libraries v1.5.3. Soon we will upgrade to latest.
>
> Thanks,
> Dipti
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

--

Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
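
The lookup suggested in the reply, as an added example that is not part of the original thread: rather than assembling a DN from the principal, build a directory search on userPrincipalName or sAMAccountName and take the DN from the entry it returns. The realm-to-search-base table, its values and the function names are assumptions made for illustration; the principal is escaped per RFC 4515 before it goes into the filter.

```python
from typing import Tuple

# Constructed sample mapping: the realm need not equal the directory's domain,
# so the search base is configured per realm instead of derived from its name.
REALM_TO_BASE = {
    "EXAMPLE.COM": "dc=corp,dc=example,dc=com",
}

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it can only match literally in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def principal_to_search(principal: str) -> Tuple[str, str]:
    """Return (search_base, filter) for an authenticated 'user@REALM' principal.

    The caller runs a subtree search with these values and uses the DN of the
    single entry returned; zero or several matches count as a failed lookup.
    """
    user, sep, realm = principal.rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("expected user@REALM")
    if "/" in user:
        raise ValueError("service or instance principal, not a user account")
    if realm not in REALM_TO_BASE:  # Kerberos realm names are case-sensitive
        raise ValueError("no directory configured for realm %r" % realm)
    upn = escape_filter_value("%s@%s" % (user, realm))
    sam = escape_filter_value(user)
    # Match either attribute, mirroring the two mappings named in the reply.
    flt = "(|(userPrincipalName=%s)(sAMAccountName=%s))" % (upn, sam)
    return REALM_TO_BASE[realm], flt


if __name__ == "__main__":
    print(principal_to_search("alice@EXAMPLE.COM"))
```
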
