LDAP authenticate to AD
Posted: Thu Apr 27, 2006 11:58 pm
by kali
Is there a way (without using the SSO Krb5 route) to just use om_ldap to authenticate to a Win2000 AD server? I know this is not too hard using the openldap client... but om_ldap.conf seems to have much fewer options available (such as bind DN etc.).
Any thoughts or ideas on how (or if) this can be done?
Posted: Fri Apr 28, 2006 4:48 am
by Valerion
You can always try the pam_ldap module, if you know that will work for you.
You will need a
before the
but it should work fine.
Maybe test the pam_ldap first using another app (maybe shell logins?) before you try to integrate it into Scalix.
Posted: Fri Apr 28, 2006 6:55 am
by florian
As a side remark....
doing Kerberos doesn't necessarily mean going down the SSO route - you can use pam_krb5 which has nothing to do with SSO, it is still Username/Password against Kerberos.
While both om_ldap and pam_ldap should be somehow possible, configuration for krb5 is MUCH simpler, it supports password changes through a Scalix client and it should be more performant and efficient and secure as well. The only downside is that even in a non-SSO situation the scalix-ual Kerberos principal must be created on the Windows side.
-- f.
Posted: Fri Apr 28, 2006 2:06 pm
by kali
Thanks Valerion and Florian,
I did discover that the pam_ldap (external) module works perfectly - after some tweaking. It does not require anything on the AD side (such as krb5 does) which has made it much easier for the client.
This approach is not really documented anywhere, but I think has real validity and applicability as you can sync users via omldapsync, but still use AD authentication both externally and internally.
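As an added example, not from this thread or from Scalix, a minimal PADL pam_ldap configuration pointed at an AD domain controller together with the matching PAM stack; the host, base DN, service account, group and the Scalix PAM service file name are placeholders, since the thread does not give them.

```conf
# /etc/ldap.conf for PADL pam_ldap against Active Directory (added example; values are placeholders)
host dc01.example.local            # AD domain controller (placeholder)
base dc=example,dc=local           # search base (placeholder)
scope sub
referrals off                      # AD hands out referrals pam_ldap cannot chase; chasing them causes hangs

# AD does not permit anonymous searches, so bind with a dedicated read-only account.
# bindpw is stored in cleartext: keep this file root-owned, mode 0600
# (or use rootbinddn with the password in /etc/ldap.secret).
binddn cn=pamldap-svc,ou=Service Accounts,dc=example,dc=local
bindpw CHANGE_ME

# Do not send user passwords over plain LDAP: require STARTTLS and verify the DC certificate.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ad-root-ca.pem

# Map the Unix login name onto the AD account name and match only user objects.
pam_login_attribute sAMAccountName
pam_filter objectclass=user
# Password changes use AD's unicodePwd mechanism, which itself requires TLS/SSL.
pam_password ad

# Optional: only members of one AD group may authenticate through this stack.
pam_groupdn cn=scalix-users,ou=Groups,dc=example,dc=local
pam_member_attribute member

# /etc/pam.d/<scalix-service>   (service name is a placeholder; use the one Scalix's PAM integration expects)
# pam_ldap must come before pam_unix so AD is consulted first; use_first_pass avoids a second prompt.
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so use_first_pass
account  sufficient  pam_ldap.so
account  required    pam_unix.so
```

Test the stack with a throwaway PAM-aware tool (for example a shell login on the same host, as suggested above) and watch the DC's security log for the bind before wiring it into Scalix.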
Posted: Fri Apr 28, 2006 2:22 pm
by florian
Well,
if you want, you can always contribute the full setup back to the community. I would suggest using www.scalix.com/wiki for this.
-- f.