Univention Bugzilla – Bug 35349
AD Connector should support kerberos
Last modified: 2014-08-07 17:44:35 CEST
Instead of using binddn and password the AD connector should be able to use kerberos for the authentication against AD. But only in AD member mode.
We need it for the AD member mode since newer AD systems allow LDAP queries as host account only if Kerberos is used.
Fixed with: r52198 + r52204
YAML: r52233

To use kerberos the UCR variable connector/ad/ldap/binddn has to be set to the username and connector/ad/ldap/kerberos must be set to true. For example:

connector/ad/ldap/base: DC=deadlock16,DC=local
connector/ad/ldap/binddn: master161$
connector/ad/ldap/bindpw: /etc/machine.secret
connector/ad/ldap/host: WIN-125IN6TLA89.deadlock16.local
connector/ad/ldap/kerberos: true
connector/ad/ldap/port: 389
connector/ad/ldap/ssl: yes
OK - kerberos authentication support for ad connector
OK - YAML
http://errata.univention.de/ucs/3.2/162.html