Accessing AD from UNIX machines
Achim Grolms
kerberosml at grolmsnet.de
Tue Aug 1 05:39:13 EDT 2006
On Tuesday 01 August 2006 05:01, Michael B Allen wrote:
> Note: Active Directory is a KDC and an LDAP service. The two are tightly
> coupled but your question is more of an LDAP question than it is a
> Kerberos one. But still, I'll answer because I have a neat suggestion.
>
> PHP is actually a really nice language for UNIX scripting.
Another idea to do this is using Perl, doing the (authentication) bind
by Kerberos against AD.
Cyrus-SASL is *not* needed.
Example:
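
#! /usr/bin/perl -w
use strict;
use Net::LDAP 0.33;
use Authen::SASL 2.10;

# GSSAPI (Kerberos) SASL mechanism; uses the caller's existing Kerberos
# credentials, so a valid ticket must already be in the credential cache.
my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );

my $host = $ARGV[0] || die "\n\nusage: $0 ldapserver \n\n";

# onerror => 'die' makes every failed LDAP operation throw an exception.
my $ldap = Net::LDAP->new(
    $host,
    onerror => 'die',
) or die "Cannot connect to LDAP host '$host'";

# Ask the server's root DSE whether it offers GSSAPI before binding.
my $dse = $ldap->root_dse();
$dse->supported_sasl_mechanism( 'GSSAPI' )
    || die "\n sorry, $host does not support GSSAPI...\n";

# Authenticate with the SASL/GSSAPI bind; report the SASL error on failure.
eval {
    $ldap->bind( sasl => $sasl );
} or die $@, $sasl->error(), "\n Terminating.\n";

print "\n SASL-bind to $host successful...\n\n";
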
More Details on
<http://perl.grolmsnet.de/authensasl/>
Achim