Thanks Douglas. The support is mainly for Active Directory and MIT KDC.
I was looking for some Kerberos API which can get me the domain name with realm-domainName mapping. Actually DomainName is required at Authorization directory to construct a search filter and it is not recommended to do a bind from this server with AD/MIT_KDC just to retrieve domain name.

Please let me know if you have any more suggestions.

Thanks.

On Mon, Apr 15, 2013 at 8:39 PM, Douglas E. Engert <[email protected]> wrote:

> On 4/14/2013 7:31 AM, [email protected] wrote:
> > Our application needs to construct User DN after successful authentication
> > for authorization. Currently what application has is user principal name.
> >
> > User principal name is of format: Username@RealmName And user DN is of the
> > form
> > cn=<Username>,cn=Users,cn=<DomainName>,cn=com
>
> Unless the LDAP database is used by the KDC, you will have problems.
>
> Are you referring to "DomainName" as in Windows Active Directory?
> If so you can do an LDAP query of AD for userPrincipalName
> BUT if you are using smartcards issued by outside CAs
> the userPrincipalName may not match. (MS overloaded the
> userPrincipalName definition.) AD Kerberos will map
> to an account mapping username@realm to userPrincipalName or
> sAMAccountName@domain.
>
> If the application LDAP database is not one of the above, you may
> need to add a userPrincipalName attribute to it so you can do the mapping.
>
> >
> > As Realm need not be always same as Domain name: How to get this
> > <DomainName> using the Realm in the user name?
> > Any suggestions to solve this problem would be of help.
> >
> > Currently we are using MIT libraries v1.5.3. Soon we will upgrade to latest.
> >
> > Thanks,
> > Dipti
> > ________________________________________________
> > Kerberos mailing list [email protected]
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
>
> Douglas E. Engert <[email protected]>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444

--
Have a nice day!
Regards,
Dipti
http://in.linkedin.com/in/diptivs
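
Added example, not part of the original thread: one way to build the userPrincipalName lookup suggested in the quoted reply, with the principal's components escaped per RFC 4515 before they enter the search filter. The helper names and sample principals are constructed for illustration, and the sAMAccountName branch assumes the search runs against the directory of the account's own domain.

```python
# Added example: hypothetical helpers, constructed sample principals.

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it is treated as literal data inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_principal(principal):
    """Return (user, realm) for a single-component user principal."""
    user, sep, realm = principal.rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("expected user@REALM")
    if "/" in user or "\\" in user:
        # Assumption: only plain user principals are looked up; service
        # principals and krb5-escaped names are rejected, not guessed at.
        raise ValueError("not a plain user principal")
    return user, realm


def account_filter(principal):
    """Filter matching userPrincipalName=user@REALM or sAMAccountName=user."""
    user, realm = split_principal(principal)
    upn = escape_filter_value(user + "@" + realm)
    sam = escape_filter_value(user)
    return "(|(userPrincipalName=%s)(sAMAccountName=%s))" % (upn, sam)


if __name__ == "__main__":
    # The second principal is constructed to show filter metacharacters
    # being neutralised instead of changing the filter's structure.
    for sample in ("alice@EXAMPLE.COM", "a*)(cn=*@EXAMPLE.COM"):
        print(account_filter(sample))
```

The DN of the matching entry is returned by the search itself, so it does not have to be assembled from the realm.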
