Differences
This shows you the differences between two versions of the page.
— | en:public:netz:auth [24.03.2022 01:37] (current) – created pit37126 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Authenticationn against Active Directory ====== | ||
+ | If you want to provide an application (e.g. laboratory wiki), which you wish to access using university accounts - and therefore save yourself the maintenance of a own account and password database - you can offer that using LDAP or Kerberos. | ||
+ | {{INLINETOC}} | ||
+ | ===== Authentication using LDAP ===== | ||
+ | For this the following parameters have to be provided (depending on your application some parameters may be optional). " | ||
+ | |||
+ | | URL | '' | ||
+ | | Server | '' | ||
+ | | Port | '' | ||
+ | | Base DN | '' | ||
+ | | Bind DN | '' | ||
+ | | Search filter | '' | ||
+ | |||
+ | == Troubleshooting == | ||
+ | |||
+ | For test purposes you can enter the '' | ||
+ | |||
+ | < | ||
+ | ldapsearch -H ' | ||
+ | </ | ||
+ | |||
+ | Depending on your system you need to enter the following into your ''/ | ||
+ | < | ||
+ | TLS_REQCERT allow | ||
+ | sasl_secprops maxssf=0 | ||
+ | </ | ||
+ | |||
+ | Note: The line " | ||
+ | < | ||
+ | adcl: couldn' | ||
+ | ! Insufficient permissions to join the domain | ||
+ | </ | ||
+ | Without abovementioned parameter a join was possible. | ||
+ | |||
+ | ===== Authentication using Kerberos ===== | ||
+ | |||
+ | In case your application does with the help of " | ||
+ | <code ini> | ||
+ | [libdefaults] | ||
+ | default_realm = HS-REGENSBURG.DE | ||
+ | clockskew = 300 | ||
+ | ticket_lifetime = 36000 | ||
+ | </ |
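Review bot: The Troubleshooting block documents "TLS_REQCERT allow" for the LDAP client configuration without a caveat. With "allow", the OpenLDAP client continues the session even when the server presents no certificate or one that fails verification. The Bind DN credentials used for the test can therefore reach a host that is not the directory server. Suggest documenting "TLS_REQCERT demand" together with a "TLS_CACERT" entry for the issuing CA as the normal setting, and describing "allow" as a temporary diagnostic setting to be reverted after the test. The same applies to "sasl_secprops maxssf=0": the note below it already records that the setting broke a domain join, so the page should say it is meant for the ldapsearch test only. Separately, the page title reads "Authenticationn" and should be "Authentication".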