AD Authentication

Posted by Riverside Software on 12-Mar-2015 04:45

Hi,


I've browsed some threads on AD Authentication, and would like to know what is the current status of AD Authentication on 11.5. We currently have an Authentication AppServer on Windows (10.2B, no client-principal), and as part of a platform change, we'd like to move this Appserver to Linux, and work with client-principal. Is it possible to authenticate against MS Active Directory from Linux ?


Thanks

All Replies

Posted by Michael Jacobs on 13-Mar-2015 06:58

In theory moving your Authentication AppServer to Linux and continue to use AD would require:  
  1. Finding a 3rd party 'bridge' that provides transparent AD access to the OS's security configuration located in /etc/nsswitch.conf
  2. Defining and using Client-Principals in your Authentication AppServer
  3. Using Domains in your Authentication AppServer configuration that uses the _oslocal [authentication] system type
  4. Returning the sealed Client-Principal to the clients so they can use it to set the DB/audit user-ids
The stumbling point has been when the 3rd party bridge product does not fully conform to the OS's local account's use of the passwd field for account state designation, such as 'locked', 'expired', etc.   The _oslocal system type currently enforces these OS specific local account security settings and does not have options that allow 3rd party software that does not conform.

Mike J.

[collapse]
From: Riverside Software <bounce-rssw@community.progress.com>
Reply-To: "TU.OE.General@community.progress.com" <TU.OE.General@community.progress.com>
Date: Thursday, March 12, 2015 at 5:46 AM
To: "TU.OE.General@community.progress.com" <TU.OE.General@community.progress.com>
Subject: [Technical Users - OE General] AD Authentication

Thread created by Riverside Software

Hi,


I've browsed some threads on AD Authentication, and would like to know what is the current status of AD Authentication on 11.5. We currently have an Authentication AppServer on Windows (10.2B, no client-principal), and as part of a platform change, we'd like to move this Appserver to Linux, and work with client-principal. Is it possible to authenticate against MS Active Directory from Linux ?


Thanks

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]
Posted by Riverside Software on 13-Mar-2015 07:38

Thanks Michael.

Does this kind of 3rd party bridge already exists, and would be available ?

Posted by Michael Jacobs on 13-Mar-2015 08:28

There are a number of vendors that provide bridge software between Linux and AD.   OE does not test or certify this type of architecture, so I cannot directly point you at any one specific vendor.   The following internet search phrase will get you started to see if it is even something you may be interested in.

Linux to AD bridge products

Hope that helps.

Mike J.

[collapse]
From: Riverside Software <bounce-rssw@community.progress.com>
Reply-To: "TU.OE.General@community.progress.com" <TU.OE.General@community.progress.com>
Date: Friday, March 13, 2015 at 8:39 AM
To: "TU.OE.General@community.progress.com" <TU.OE.General@community.progress.com>
Subject: RE: [Technical Users - OE General] AD Authentication

Reply by Riverside Software

Thanks Michael.

Does this kind of 3rd party bridge already exists, and would be available ?

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]
This thread is closed