04-21-2017
AD is essentially LDAP + Kerberos, so in itself there is nothing wrong with using AD, but it uses a proprietary schema. In order for it to be truly useful for Unix/Linux hosts, if you need anything more than just authentication, it would be best to import the rfc2307/rfc2307bis schema into AD. So AD can be used as LDAP for Unix/Linux hosts.
An alternative is to have two directories (AD and a separate LDAP) with some kind of sync mechanism...
Then there is the client side. With Single Sign-On, do you mean that you need to authenticate once and then use a ticket further on? Then you need to use (AD) Kerberos / gssapi. Some Linux clients, in addition, can also do SSO without gssapi through sssd (also against AD), but Solaris cannot. If by SSO you mean that the password is the same for all platforms, then an alternative would be to use TLS/LDAP on Unix/Linux clients.
It all really depends on your situation.
Last edited by Scrutinizer; 04-21-2017 at 03:58 AM..
ldap_tls
LDAP_TLS(3) Library Functions Manual LDAP_TLS(3)
NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls - LDAP TLS initialization routines
LIBRARY
OpenLDAP LDAP (libldap, -lldap)
SYNOPSIS
#include <ldap.h>
int ldap_start_tls(LDAP *ld);
int ldap_start_tls_s(LDAP *ld, LDAPControl **serverctrls, LDAPControl **clientctrls);
int ldap_tls_inplace(LDAP *ld);
int ldap_install_tls(LDAP *ld);
DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session. ldap_start_tls_s() sends a StartTLS request to a server, waits for
the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns LDAP_SUCCESS if everything
succeeded, otherwise it returns an LDAP error code. ldap_start_tls() sends a StartTLS request to a server and does nothing else. It returns
LDAP_SUCCESS if the request was sent successfully. ldap_tls_inplace() returns 1 if TLS handlers have been installed on the specified
session, 0 otherwise. ldap_install_tls() installs the TLS handlers on the given session. It returns LDAP_LOCAL_ERROR if TLS is already
installed.
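The request/reply exchange that ldap_start_tls_s() performs, shown at the wire level as an added example (it is not OpenLDAP code and not part of the original page). The BER layout and OID follow RFC 4511; the function names and the two reply byte strings are constructed for illustration, and the parser assumes short-form lengths and no response controls.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* StartTLS extended-operation OID (RFC 4511, section 4.14.1). */
static const char STARTTLS_OID[] = "1.3.6.1.4.1.1466.20037";

/* Constructed sample replies for messageID 1: success (0) and unavailable (52). */
const uint8_t REPLY_OK[]      = {0x30,0x0c,0x02,0x01,0x01,0x78,0x07,0x0a,0x01,0x00,0x04,0x00,0x04,0x00};
const uint8_t REPLY_REFUSED[] = {0x30,0x0c,0x02,0x01,0x01,0x78,0x07,0x0a,0x01,0x34,0x04,0x00,0x04,0x00};

/* Hypothetical helper: BER-encode the StartTLS ExtendedRequest for msgid
 * (1..127). Returns bytes written, or 0 on a bad msgid or short buffer. */
size_t build_starttls_request(uint8_t msgid, uint8_t *out, size_t cap)
{
    size_t oidlen = sizeof STARTTLS_OID - 1;
    size_t total = 2 + 3 + 2 + 2 + oidlen;
    uint8_t *p = out;
    if (cap < total || msgid == 0 || msgid > 127) return 0;
    *p++ = 0x30; *p++ = (uint8_t)(total - 2);   /* LDAPMessage SEQUENCE */
    *p++ = 0x02; *p++ = 0x01; *p++ = msgid;     /* messageID INTEGER */
    *p++ = 0x77; *p++ = (uint8_t)(oidlen + 2);  /* [APPLICATION 23] ExtendedRequest */
    *p++ = 0x80; *p++ = (uint8_t)oidlen;        /* [0] requestName */
    memcpy(p, STARTTLS_OID, oidlen);
    return total;
}

/* Hypothetical helper: read resultCode from an ExtendedResponse.
 * Returns -1 if the reply is malformed or its messageID differs. */
int parse_starttls_response(const uint8_t *b, size_t n, uint8_t msgid)
{
    if (n < 10 || b[0] != 0x30 || b[1] >= 0x80 || (size_t)b[1] + 2 != n) return -1;
    if (b[2] != 0x02 || b[3] != 0x01 || b[4] != msgid) return -1;
    if (b[5] != 0x78 || b[6] >= 0x80 || (size_t)b[6] + 7 != n) return -1;
    if (b[7] != 0x0a || b[8] != 0x01) return -1; /* resultCode ENUMERATED */
    return b[9];
}

/* Fail closed: TLS may be installed only on resultCode 0 (success). Anything
 * else must end the session before bind, never continue in cleartext. */
int may_install_tls(const uint8_t *reply, size_t n, uint8_t msgid)
{
    return parse_starttls_response(reply, n, msgid) == 0;
}
```

With libldap itself, the equivalent check is to treat any return other than LDAP_SUCCESS from ldap_start_tls_s() as fatal and to confirm ldap_tls_inplace() returns 1 before sending a bind.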
SEE ALSO
ldap(3), ldap_error(3)
ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from the
University of Michigan LDAP 3.3 Release.
OpenLDAP 2017/06/01 LDAP_TLS(3)