[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] using Apple Open Directory for authentication



John Lucas wrote:
> On Wednesday 25 October 2006 22:35, Peter Scheie wrote:
>> After digging into it a bit, I'm wondering if it's just a matter of
>> running system-config-authentication and using the GUI tool to tell the
>> linux server to use LDAP for user info and authentication, and point it
>> to the AOD server in the configuration (?).
>>
>> Petre
>>
> 
> Assuming that AOD is based on LDAP, it is important that the schema used 
> contain what Linux needs. If AOD contains the objectclasses and attributes 
> that are included in the Openldap "nis.schema" it should be possible for 
> Linux to use it. A further potential issue is encryption. Does AOD use TLS or 
> Kerberos? If so your Linux hosts will need to use it too.
> 
> The LDAP authentication in Linux is pretty flexible; if it weren't it couldn't 
> use Active Directory. It may take some re-mapping of attributes, but it 
> should be doable.

It's pretty much RFC 2307 (LDAP as NIS) and 2798 (inetOrgPerson) plus
apple-specific stuff. See the apple-specific schema here:

http://www.opensource.apple.com/darwinsource/10.2.3/OpenLDAP-15.1/AppleExtras/apple.schema

and

http://manuals.info.apple.com/en/MacOSXSrvr10.3_OpenDirectoryAdmin.pdf

I only know this from going the other direction (using OpenLDAP to store
select apple.schema bits).

-- 
Dan Young <dyoung mesd k12 or us>
Multnomah ESD - Technology Services
503-257-1562


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]