Differences
This shows you the differences between two versions of the page.
| — | en:public:netz:auth [24.03.2022 01:37] (current) – created pit37126 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Authenticationn against Active Directory ====== | ||
| + | If you want to provide an application (e.g. laboratory wiki), which you wish to access using university accounts - and therefore save yourself the maintenance of a own account and password database - you can offer that using LDAP or Kerberos. | ||
| + | {{INLINETOC}} | ||
| + | ===== Authentication using LDAP ===== | ||
| + | For this the following parameters have to be provided (depending on your application some parameters may be optional). " | ||
| + | |||
| + | | URL | '' | ||
| + | | Server | '' | ||
| + | | Port | '' | ||
| + | | Base DN | '' | ||
| + | | Bind DN | '' | ||
| + | | Search filter | '' | ||
| + | |||
| + | == Troubleshooting == | ||
| + | |||
| + | For test purposes you can enter the '' | ||
| + | |||
| + | < | ||
| + | ldapsearch -H ' | ||
| + | </ | ||
| + | |||
| + | Depending on your system you need to enter the following into your ''/ | ||
| + | < | ||
| + | TLS_REQCERT allow | ||
| + | sasl_secprops maxssf=0 | ||
| + | </ | ||
| + | |||
| + | Note: The line " | ||
| + | < | ||
| + | adcl: couldn' | ||
| + | ! Insufficient permissions to join the domain | ||
| + | </ | ||
| + | Without abovementioned parameter a join was possible. | ||
| + | |||
| + | ===== Authentication using Kerberos ===== | ||
| + | |||
| + | In case your application does with the help of " | ||
| + | <code ini> | ||
| + | [libdefaults] | ||
| + | default_realm = HS-REGENSBURG.DE | ||
| + | clockskew = 300 | ||
| + | ticket_lifetime = 36000 | ||
| + | </ | ||
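Review bot: `TLS_REQCERT allow` in the ldap.conf snippet under Troubleshooting is presented as a general client setting, but with `allow` an OpenLDAP client continues the session even when the server certificate fails validation. An application binding with the Bind DN over such a connection has no assurance that it is talking to the real directory server. Suggest documenting `TLS_REQCERT demand` together with a `TLS_CACERT` entry pointing at the CA that issued the server certificate (path to be supplied by the page owner), and marking `allow` as a temporary, test-only setting. Since the following note reports that one of these lines broke a domain join, it would also help to state which of the two settings is needed for `ldapsearch` only and can be removed afterwards. Minor: the page title reads "Authenticationn".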