On Mon, 2011-05-02 at 21:56 -0700, Ben Kevan wrote:
> I'm wondering what the heck I'm doing wrong. I'm working on getting
> SSSD + KRB5 working against 2008 R2 AD. It's working fine in RHEL5 w/
> the standard LDAP.conf configuration. I'm working on sssd, but am not
> getting a binddn connection to AD. Here's my config:
...
> ldap_default_bind_dn = ldapbin...@domain.com

This is not a DN. This is a username. It's not the same thing. You need
to figure out ldapbinddn's full distinguished name in LDAP and use that.

> wtf am I doing wrong, and is ldap for authentication better than
> krb5? or should I stick with ldap for authorization and krb5 for
> authentication?

Using krb5 for authentication allows you to acquire a single-sign-on TGT
for use with other applications, so it's probably the preferred method
in your case.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
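
Added example, not part of the original thread and not SSSD project code: a small check that reads an sssd.conf and flags any ldap_default_bind_dn that is a username (user@realm or DOMAIN\user form) instead of a distinguished name, the mistake pointed out in the reply above. The domain sections, account name and DN in the sample are constructed placeholders, and the DN test is a syntax screen, not a full RFC 4514 parser.

```python
import configparser
import re

# One RDN: attribute type (name or numeric OID), "=", then a non-empty value.
_RDN = re.compile(r"^\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*\S")

def classify_bind_dn(value):
    """Return 'dn', 'upn', 'downlevel', 'empty' or 'unknown' for a bind identity."""
    value = value.strip()
    if not value:
        return "empty"
    rdns = re.split(r"(?<!\\),", value)   # split on commas that are not escaped
    if all(_RDN.match(r) for r in rdns):
        return "dn"
    if re.fullmatch(r"[^@\s=,]+@[^@\s=,]+", value):
        return "upn"                      # user@realm: a username, not a DN
    if re.fullmatch(r"[^\\\s=,]+\\[^\\\s=,]+", value):
        return "downlevel"                # DOMAIN\user: also not a DN
    return "unknown"

def lint_sssd_conf(text):
    """Return [(section, value, kind)] for each domain whose bind DN is not a DN."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section.startswith("domain/") and cp.has_option(section, "ldap_default_bind_dn"):
            value = cp.get(section, "ldap_default_bind_dn")
            kind = classify_bind_dn(value)
            if kind != "dn":
                findings.append((section, value, kind))
    return findings

# Constructed sample; section names, account name and DN are placeholders.
SAMPLE = r"""
[domain/BROKEN]
auth_provider = krb5
ldap_default_bind_dn = svc-ldap@example.com

[domain/FIXED]
auth_provider = krb5
ldap_default_bind_dn = CN=svc-ldap,OU=Service Accounts,DC=example,DC=com
"""

if __name__ == "__main__":
    for section, value, kind in lint_sssd_conf(SAMPLE):
        print(f"{section}: ldap_default_bind_dn={value!r} looks like {kind}, expected a DN")
```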