Authenticating SSH against Windows Active Directory using LDAP over SSL
I'm running RHEL 5.2 on a few servers and I would like to authenticate the SSH users against the Windows 2003 SP2 AD. I would like to keep the ports that I need to open to a minimum, and would like to utilize LDAP over SSL to accomplish this. I have some initial questions to get me going...
Does anyone know if there is any documentation out on this configuration? I can't seem to find any and I've been searching the web for about a week now. For this specific configuration... i.e., not using Kerberos, winbind, or Samba.
If not, can anyone send me in the right direction as to where to start? My first thoughts were to create a CSR and get that signed by the Windows AD server. Then import that back to Linux, placing it in /etc/openldap/cacerts. Or, is it easier to just import the AD domain cert to the Linux server?
Once the certificates are verified, I know I will need to do some configuration in ldap.conf, nsswitch, and hosts files. But, I'll get to that once I can even get a trust set up.
By the way, the Linux servers are on the Internal network and the Windows AD server is in the DMZ, so I'm thinking I will also need to update resolv.conf as well.
Any thoughts or direction would be very appreciated.
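The trust step the question is stuck on, worked through as an added example (not code from the original post or any distribution): a throwaway CA stands in for the AD domain CA, it is installed into a cacerts directory the way nss_ldap/pam_ldap's tls_cacertdir expects (the PEM file plus a subject-hash link, which is the part most often forgotten), and a domain-controller certificate is verified against it while a certificate from an unrelated CA, the kind a tampering box on the internal-to-DMZ path would present, is rejected. The host name dc1.example.local, the base DN and the CA names are constructed; the ldap.conf keys (uri, base, ssl, tls_cacertdir, tls_checkpeer) are the real PADL nss_ldap/pam_ldap options RHEL 5 ships. It needs only a local openssl binary and touches nothing outside a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post: simulate the LDAPS trust setup
# locally. A throwaway CA stands in for the AD domain CA (in real life you
# export, in Base64/PEM form, the CA that issued the domain controller's
# certificate), it goes into a cacerts directory as nss_ldap/pam_ldap expect,
# and peer certificates are verified against it. All names are constructed.
set -e

WORK=$(mktemp -d)
CACERTS="$WORK/cacerts"      # stand-in for /etc/openldap/cacerts
mkdir -p "$CACERTS"

mk_ca() {   # $1 = output basename, $2 = CN; self-signed throwaway CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}
mk_leaf() { # $1 = output basename, $2 = CN, $3 = issuing CA basename
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" \
        -CAkey "$WORK/$3.key" -CAcreateserial -days 1 \
        -out "$WORK/$1.pem" >/dev/null 2>&1
}
mk_ca   adca  "Example AD CA"              # constructed AD domain CA
mk_leaf dc    "dc1.example.local" adca     # constructed DC LDAPS certificate
# An unrelated CA and a look-alike certificate: what a tampering middlebox
# between the internal network and the DMZ would present.
mk_ca   rogue "Unrelated CA"
mk_leaf mitm  "dc1.example.local" rogue

# Install a CA certificate into the cacerts directory. OpenSSL finds issuers
# in a -CApath directory by <subject hash>.<n>, so the bare PEM file is not
# enough; the hashed link is what makes tls_cacertdir work.
install_ca() {  # $1 = PEM file
    hash=$(openssl x509 -hash -noout -in "$1")
    cp "$1" "$CACERTS/$(basename "$1")"
    ln -sf "$(basename "$1")" "$CACERTS/$hash.0"
}
install_ca "$WORK/adca.pem"

# Verify a peer certificate against the cacerts directory. Exit status 0 means
# the chain is trusted, which is what tls_checkpeer yes enforces at runtime.
verify_peer() {  # $1 = PEM file
    openssl verify -CApath "$CACERTS" "$1" >/dev/null 2>&1
}

# Matching /etc/ldap.conf fragment for RHEL 5's nss_ldap/pam_ldap. Host and
# base DN are assumed values; tls_checkpeer yes is the line that makes the
# trust above matter at all (with it off, any certificate is accepted).
cat > "$WORK/ldap.conf" <<EOF
uri ldaps://dc1.example.local/
base dc=example,dc=local
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_checkpeer yes
EOF

# Returns 0 only if the config enables peer verification and never disables it.
conf_checks_peer() {  # $1 = ldap.conf path
    grep -Eq '^[[:space:]]*tls_checkpeer[[:space:]]+yes' "$1" &&
    ! grep -Eq '^[[:space:]]*tls_checkpeer[[:space:]]+no' "$1"
}

if verify_peer "$WORK/dc.pem";     then echo "dc.pem: trusted";    fi
if ! verify_peer "$WORK/mitm.pem"; then echo "mitm.pem: rejected"; fi
```

Two caveats when moving this onto the real servers: export the CA that issued the domain controller's certificate (not a CSR signed the other way round, which is what the first idea in the question amounts to), and make sure the DC certificate carries the DNS name you put in the uri line, since nss_ldap compares the two and openssl verify above does not. After the PEM and hash link are in /etc/openldap/cacerts, `openssl s_client -connect dc1.example.local:636 -CApath /etc/openldap/cacerts` (with your own host name) shows "Verify return code: 0 (ok)" once the trust is right, before any ldap.conf or nsswitch changes.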