Bug 35349 - AD Connector should support kerberos
Product: UCS
Classification: Unclassified
Component: AD Connector
Version: UCS 3.2
Hardware: Other Linux
Importance: P5 enhancement
Target Milestone: UCS 3.2-2-errata
Assigned To: Stefan Gohmann
QA Contact: Felix Botner
Reported: 2014-07-14 09:26 CEST by Stefan Gohmann
Modified: 2014-08-07 17:44 CEST
Description Stefan Gohmann univentionstaff 2014-07-14 09:26:14 CEST
Instead of using binddn and password the AD connector should be able to use kerberos for the authentication against AD. But only in AD member mode.
Comment 1 Stefan Gohmann univentionstaff 2014-07-25 08:30:58 CEST
We need it for the AD member mode since newer AD systems allow LDAP queries as host account only if Kerberos is used.
Comment 2 Stefan Gohmann univentionstaff 2014-07-25 13:23:40 CEST
Fixed with: r52198 + r52204

YAML: r52233

To use kerberos the UCR variable connector/ad/ldap/binddn has to be set to the username and connector/ad/ldap/kerberos must be set to true.

For example:
 connector/ad/ldap/base: DC=deadlock16,DC=local
 connector/ad/ldap/binddn: master161$
 connector/ad/ldap/bindpw: /etc/machine.secret
 connector/ad/ldap/host: WIN-125IN6TLA89.deadlock16.local
 connector/ad/ldap/kerberos: true
 connector/ad/ldap/port: 389
 connector/ad/ldap/ssl: yes
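
Added example, not part of the comment above or of the UCS code base: a small consistency check for the settings that comment describes, run over a UCR dump in the same `key: value` layout. The function names and sample values are constructed; treating `bindpw` as a file path is an assumption taken from the example above, and the IP-address check reflects general Kerberos behaviour (the client needs a hostname to request the LDAP service ticket), not anything stated in this bug.

```python
import ipaddress
import re

PREFIX = "connector/ad/ldap/"

# Constructed sample (made-up values) with two deliberate mistakes.
SAMPLE = """\
connector/ad/ldap/base: DC=example,DC=test
connector/ad/ldap/binddn: CN=sync,CN=Users,DC=example,DC=test
connector/ad/ldap/bindpw: /etc/machine.secret
connector/ad/ldap/host: 192.0.2.10
connector/ad/ldap/kerberos: true
"""

def parse_ucr(text):
    """Return {short_name: value} for every connector/ad/ldap/* line."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.startswith(PREFIX):
            settings[key[len(PREFIX):]] = value.strip()
    return settings

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_kerberos_settings(settings):
    """Return a list of findings; an empty list means the settings are consistent."""
    if settings.get("kerberos", "").lower() != "true":
        return ["kerberos is not 'true': the connector binds with binddn and password"]
    findings = []
    binddn = settings.get("binddn", "")
    if not binddn:
        findings.append("binddn is empty: Kerberos mode needs the username here")
    elif re.search(r"(?i)(^|,)\s*(cn|uid|ou|dc)\s*=", binddn):
        findings.append("binddn is a DN: Kerberos mode expects the username")
    if not settings.get("bindpw", "").startswith("/"):
        findings.append("bindpw is not an absolute path (assumed to name a secret file)")
    if is_ip_literal(settings.get("host", "")):
        findings.append("host is an IP address: Kerberos needs a hostname for the LDAP service")
    return findings

if __name__ == "__main__":
    for finding in check_kerberos_settings(parse_ucr(SAMPLE)):
        print("FINDING:", finding)
```
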
Comment 3 Felix Botner univentionstaff 2014-07-28 17:05:42 CEST
OK - kerberos authentication support for ad connector
Comment 4 Janek Walkenhorst univentionstaff 2014-08-07 17:44:35 CEST