[K12OSN] using Apple Open Directory for authentication
Dan Young
dyoung at mesd.k12.or.us
Thu Oct 26 16:13:02 UTC 2006
John Lucas wrote:
> On Wednesday 25 October 2006 22:35, Peter Scheie wrote:
>> After digging into it a bit, I'm wondering if it's just a matter of
>> running system-config-authentication and using the GUI tool to tell the
>> linux server to use LDAP for user info and authentication, and point it
>> to the AOD server in the configuration (?).
>>
>> Petre
>>
>
> Assuming that AOD is based on LDAP, it is important that the schema used
> contain what Linux needs. If AOD contains the objectclasses and attributes
> that are included in the OpenLDAP "nis.schema" it should be possible for
> Linux to use it. A further potential issue is encryption. Does AOD use TLS or
> Kerberos? If so, your Linux hosts will need to use it too.
>
> The LDAP authentication in Linux is pretty flexible; if it weren't it couldn't
> use Active Directory. It may take some re-mapping of attributes, but it
> should be doable.

It's pretty much RFC 2307 (LDAP as NIS) and 2798 (inetOrgPerson) plus
Apple-specific stuff. See the Apple-specific schema here:
http://www.opensource.apple.com/darwinsource/10.2.3/OpenLDAP-15.1/AppleExtras/apple.schema
and
http://manuals.info.apple.com/en/MacOSXSrvr10.3_OpenDirectoryAdmin.pdf
I only know this from going the other direction (using OpenLDAP to store
select apple.schema bits).
--
Dan Young <dyoung at mesd.k12.or.us>
Multnomah ESD - Technology Services
503-257-1562
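
Added example, not part of the original message: one way to check the schema point raised in this thread is to export a few directory entries as LDIF and confirm they carry the RFC 2307 MUST attributes that Linux expects of posixAccount and posixGroup entries. The function names and the sample entries are constructed for illustration.

```python
import base64

# RFC 2307 MUST attributes per object class, lower-cased for comparison.
REQUIRED = {"posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
            "posixgroup": {"cn", "gidnumber"}}
# Constructed sample LDIF (assumption), not output from a real Open Directory server.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=org
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1025
gidNumber: 20
homeDirectory:: L1VzZXJzL2FsaWNl

dn: uid=bob,cn=users,dc=example,
 dc=org
objectClass: posixAccount
cn: Bob Example
uid: bob
uidNumber: 1026
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    lines = text.replace("\r\n", "\n").replace("\n ", "").splitlines()  # unfold
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):      # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def missing_rfc2307(entries):
    """Return {dn: {objectclass: [missing MUST attributes]}} for incomplete entries."""
    report = {}
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        for oc in sorted(classes & set(REQUIRED)):
            missing = sorted(a for a in REQUIRED[oc] if not any(entry.get(a, [])))
            if missing:
                report.setdefault(entry.get("dn", ["?"])[0], {})[oc] = missing
    return report
```

An empty result from `missing_rfc2307(parse_ldif(...))` means every posixAccount and posixGroup entry in the export has the attributes the Linux side needs; any attribute listed for an entry is one that would have to be populated or re-mapped.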