LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-07-2010, 02:45 PM   #1
dpkavanaugh
LQ Newbie
 
Registered: Jun 2010
Posts: 3

Rep: Reputation: 0
Question Does the use of LDAP to communicate with Windows Active Directory require PAM?


I want to use LDAP on SUSE 10 to authorize the use of certain objects within IBM's MQ Series via the setmqaut command. I do not want to authenticate these users to the Linux server itself via LDAP. Users that actually log onto the Linux server will be authenticated through a product from Quest formly known as VAS. My question is, does LDAP require the use of PAM or can I utilize the facilities within LDAP to communicate with a Windows Active Directory so that I can authorize the use of MQ Series objects and not authenticate actual users that would log onto the server.
 
Old 06-07-2010, 02:49 PM   #2
alunduil
Member
 
Registered: Feb 2005
Location: San Antonio, TX
Distribution: Gentoo
Posts: 684

Rep: Reputation: 62
Are you writing the authentication against LDAP on the Linux box or using something built into the script that needs to be controlled? You do need to use PAM with LDAP if you would authenticate any system service against the MS AD. Otherwise, it shouldn't be necessary but we would need more details about the configuration before we could say for sure.

Regards,

Alunduil
 
Old 06-08-2010, 07:20 AM   #3
dpkavanaugh
LQ Newbie
 
Registered: Jun 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Question LDAP and MQ SERIES

I'm not wanting to do AUTHENTICATION. IBM's MQ Series is messaging software. A user must have the AUTHORITY to open a queue manager, write a message to a queue, read a message from a queue, etc. The server piece of MQ Series resides on the Linux guest. When a message is sent to the server, MQ Series will check the user id within the message to ensure that the user id has the authority to do certain functions. That user id must exist and that is all MQ is concerned with. It does not care about the password, group id, user id, etc., just that the user id exists. Using MQ commands I have give MQ the information where that ID exist, in this case in a group house on Active Directory. Internally MQ is going to make a security call, whether it be local or to Active Directory via LDAP.

Therefore I want to use LDAP to validate the authority of a user id to be able to carry out certain MQ functions. This user id will NEVER log onto the physical server and be authenticated. Authentication of users who need to administer the physical server will be handled by third party software. I cannot use this third party software with MQ because of licensing problems.
 
Old 06-08-2010, 09:10 AM   #4
alunduil
Member
 
Registered: Feb 2005
Location: San Antonio, TX
Distribution: Gentoo
Posts: 684

Rep: Reputation: 62
Then the answer is yes, you can perform LDAP queries against MS AD but changing some items on AD 2008 is a bit tricky if you would need to do that as well.

Regards,

Alunduil
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
integrate Windows Active Directory with LDAP yasir.iqbal Linux - Server 1 05-14-2010 07:28 AM
ldap pam active directory login zerocool22 Linux - Server 0 05-20-2008 04:49 AM
LXer: Configure IBM LDAP netgroups with Windows Active Directory server LXer Syndicated Linux News 0 04-20-2007 10:02 AM
Active Directory, Kerberos, LDAP, PAM, and nsswitch PenguinPwrdBox Linux - Security 1 06-04-2005 10:56 PM
migration from windows active directory to linux ldap spyghost Linux - Networking 1 08-01-2004 01:26 PM


All times are GMT -5. The time now is 12:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration