Issue #2380 has been updated by Luke Kanies.

Category set to LDAP
Status changed from Unreviewed to Accepted

I'd like to see behaviour defined more clearly for when there isn't a ticket 
already, and this would require tests, too.
----------------------------------------
Feature #2380: Kerberos Authentication for LDAPNodes
http://projects.reductivelabs.com/issues/2380

Author: S H
Status: Accepted
Priority: Normal
Assigned to: 
Category: LDAP
Target version: 
Complexity: Unknown
Affected version: 0.24.8
Keywords: 


It'd be great to have Kerberos/GSSAPI authentication capabilities in LDAPNodes. 
ruby-ldap can do this natively, though it's not well documented.

I don't yet know the Puppet code structure well enough to submit a full patch, 
but here's the gist of how I've got it working in my own scripts:

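<pre>
    require 'ldap'  # ruby-ldap

    # server, port and user come from the caller
    conn = LDAP::Conn.new(server, port)
    conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
    # without this, searches think they're bound anonymously and break
    conn.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
    conn.sasl_quiet = true

    # GSSAPI bind using the Kerberos credentials already in the ticket cache
    conn.sasl_bind(user, "GSSAPI")
</pre>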

From there, you can search and such normally. Against my Active Directory LDAP 
server I've found that it's best to unbind and rebind between searches. This 
may not hold true for non-ADS systems.

Unfortunately, I haven't had time to test this against other LDAP or Kerberos 
systems. It works just fine against Active Directory as long as I have a 
TGT already.
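
One way to pin down the no-ticket case raised in the review comment, together with the unbind-and-rebind pattern from the description. This is an added example, not code from Puppet, ruby-ldap or the issue author; the class and error names are hypothetical, and raising before any bind attempt is an assumed choice of behaviour.

```ruby
# Added example: GssapiLdapSearch and NoKerberosTicket are hypothetical names.
class NoKerberosTicket < StandardError; end

class GssapiLdapSearch
  # `klist -s` prints nothing and exits non-zero when the credential cache is
  # missing or expired; `system` returns nil if klist is not installed.
  KLIST_CHECK = -> { system('klist', '-s') == true }

  # Default connector: the bind sequence from the issue; ruby-ldap is loaded lazily.
  GSSAPI_BIND = lambda do |server, port, user|
    require 'ldap'
    conn = LDAP::Conn.new(server, port)
    conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
    conn.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
    conn.sasl_quiet = true
    conn.sasl_bind(user, 'GSSAPI')
    conn
  end

  def initialize(server, port, user, ticket_check: KLIST_CHECK, connector: GSSAPI_BIND)
    @server, @port, @user = server, port, user
    @ticket_check = ticket_check
    @connector = connector
  end

  # Runs one search on a fresh bind and always unbinds afterwards.
  # Raises NoKerberosTicket before any network traffic if there is no usable TGT.
  def search(base, scope, filter)
    unless @ticket_check.call
      raise NoKerberosTicket, "no valid Kerberos ticket for #{@user}; run kinit first"
    end
    conn = @connector.call(@server, @port, @user)
    entries = []
    begin
      conn.search(base, scope, filter) { |entry| entries << entry.to_hash }
    ensure
      conn.unbind
    end
    entries
  end
end
```

The ticket check and the connector are injectable so the no-ticket path can be covered by tests without a KDC or a directory server.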

