Issue #2380 has been reported by S H.
----------------------------------------
Feature #2380: Kerberos Authentication for LDAPNodes
http://projects.reductivelabs.com/issues/2380
Author: S H
Status: Unreviewed
Priority: Normal
Assigned to:
Category:
Target version:
Complexity: Unknown
Affected version: 0.24.8
Keywords:
It'd be great to have Kerberos/GSSAPI authentication capabilities in LDAPNodes.
ruby-ldap can do this natively, though it's not well documented.
I don't yet know the Puppet code structure well enough to submit a full patch,
but here's the gist of how I've got it working in my own scripts:

    require 'ldap'  # ruby-ldap

    conn = LDAP::Conn.new(server, port)
    conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
    # without this, searches think they're bound anonymously and break
    conn.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
    conn.sasl_quiet = true
    # GSSAPI bind; relies on a Kerberos TGT already being present
    conn.sasl_bind(user, "GSSAPI")

From there, you can search and such normally. Against my Active Directory LDAP
server I've found that it's best to unbind and rebind between searches. This
may not hold true for non-ADS systems.
Unfortunately, I haven't had time to test this against other LDAP or Kerberos
systems. It works just fine against Active Directory as long as I have a
TGT already.
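Added example, not part of the original report and not Puppet or ruby-ldap code: the unbind-and-rebind-between-searches pattern described in the report, with the unbind placed in an ensure clause so a failed search does not leave a bound handle open. The helper names (gssapi_connection, with_fresh_bind, search_each_rebound) are hypothetical; the ruby-ldap calls are the ones shown in the report plus search2, bound? and unbind.

```ruby
# Added example. Helper names are hypothetical; the bind sequence is the
# one from the report.

# Build a GSSAPI-bound connection. Needs the ruby-ldap gem and a Kerberos
# TGT already in the credential cache (no password is passed or stored).
def gssapi_connection(server, port, user)
  require 'ldap' # loaded lazily so the helpers below work with any connection object
  conn = LDAP::Conn.new(server, port)
  conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
  conn.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
  conn.sasl_quiet = true
  conn.sasl_bind(user, "GSSAPI")
  conn
end

# Yield a freshly bound connection and always unbind afterwards, even when
# the block raises, so no authenticated handle outlives the query.
# `connect` is any callable that returns a bound connection.
def with_fresh_bind(connect)
  conn = connect.call
  begin
    yield conn
  ensure
    conn.unbind if conn.bound?
  end
end

# Run one search per filter, rebinding between searches as the report
# recommends for Active Directory. `scope` is an LDAP scope constant such
# as LDAP::LDAP_SCOPE_SUBTREE. Returns one result array per filter.
def search_each_rebound(connect, base, scope, filters, attrs = nil)
  filters.map do |filter|
    with_fresh_bind(connect) { |conn| conn.search2(base, scope, filter, attrs) }
  end
end
```

With ruby-ldap installed, pass `-> { gssapi_connection(server, port, user) }` as `connect`.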