[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] using Apple Open Directory for authentication

John Lucas wrote:
> On Wednesday 25 October 2006 22:35, Peter Scheie wrote:
>> After digging into it a bit, I'm wondering if it's just a matter of
>> running system-config-authentication and using the GUI tool to tell the
>> linux server to use LDAP for user info and authentication, and point it
>> to the AOD server in the configuration (?).
>> Petre
> Assuming that AOD is based on LDAP, it is important that the schema used 
> contain what Linux needs. If AOD contains the objectclasses and attributes 
> that are included in the Openldap "nis.schema" it should be possible for 
> Linux to use it. A further potential issue is encryption. Does AOD use TLS or 
> Kerberos? If so your Linux hosts will need to use it too.
> The LDAP authentication in Linux is pretty flexible; if it weren't it couldn't 
> use Active Directory. It may take some re-mapping of attributes, but it 
> should be doable.

It's pretty much RFC 2307 (LDAP as NIS) and 2798 (inetOrgPerson) plus
apple-specific stuff. See the apple-specific schema here:




I only know this from going the other direction (using OpenLDAP to store
select apple.schema bits).

Dan Young <dyoung mesd k12 or us>
Multnomah ESD - Technology Services

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]