« Return to Thread: Winbind - functionality extension needed
Re: Winbind - functionality extension needed
by Gerald Carter-3
::
Rate this Message:
Ondrej Valousek wrote:
> Hi all,
>
> I would like to ask if it would be possible to extend the functionality
> of the winbind and nss_winbind.so to cover other system databases (not
> only passwd and group).
...
> The immediate answer is, that nss_ldap (from PADL software) does
> this - but unfortunately not effectively. Why?
> 1. nss_ldap does no caching (no daemon running)
Not entirely true. There several options like nss-ldapd, the similar
overlay in slapd, nscd, etc....
> 2. By default, you need to authenticate to AD in order to access it via
> LDAP. That leaves us 2 options:
> a) Allows anonymous access to AD
> b) configure something like "proxy" user to access AD
Or use nscd with the system keytab and GSSAPI. You could use
Samba to manage the system keytab file.
cheers, jerry
> Hi all,
>
> I would like to ask if it would be possible to extend the functionality
> of the winbind and nss_winbind.so to cover other system databases (not
> only passwd and group).
...
> The immediate answer is, that nss_ldap (from PADL software) does
> this - but unfortunately not effectively. Why?
> 1. nss_ldap does no caching (no daemon running)
Not entirely true. There several options like nss-ldapd, the similar
overlay in slapd, nscd, etc....
> 2. By default, you need to authenticate to AD in order to access it via
> LDAP. That leaves us 2 options:
> a) Allows anonymous access to AD
> b) configure something like "proxy" user to access AD
Or use nscd with the system keytab and GSSAPI. You could use
Samba to manage the system keytab file.
cheers, jerry
signature.asc (260 bytes) « Return to Thread: Winbind - functionality extension needed
| Free embeddable forum powered by Nabble | Forum Help |
