Univention Bugzilla – Bug 35093
UCS in Active Directory domain - kinit overlay module (univention-ldap)
Last modified: 2014-07-14 10:51:25 CEST
univention-ldap must load this overlay module, see: ucs-3.2/component/ucs-in-ad-domain/univention-ldap

+++ This bug was initially created as a clone of Bug #35092 +++

An overlay module is needed which performs a kinit against an AD-based Kerberos server. See patches/openldap/3.2-0-0-ucs/2.4.35-1-ucs-in-ad-domain/15_pwd_scheme_kinit.patch

+++ This bug was initially created as a clone of Bug #34091 +++

It should be possible to run UCS as part of an Active Directory domain. In this case UCS must not provide Kerberos, DNS or Samba domain controller functionality. The synchronization of users, groups and computers will be done through the UCS AD connector. A password synchronization is not necessary; we will add an overlay module for OpenLDAP which uses the AD Kerberos as password verification backend for simple LDAP bind. The UCS system should be able to provide Samba shares.

Synchronized objects should be marked as synced (objectsuniventionObjectFlag: synced). In the default read mode of the connector it should not be possible to modify the synchronized attributes. The UDM modules property extension should be extended, for example "readonly_when_synced: True", default is False. Furthermore, the object creation via UMC should display a warning that this object will not be synchronized to AD.
Merged from ucs-in-ad scope and added some more minor fixes: r51413 + r51415 + r51416
YAML: r51429
OK - univention-ldap
OK - YAML
http://errata.univention.de/ucs/3.2/150.html