[CentOS] vectoring IRC / Jabber logins to AD?

Tue Apr 22 16:36:51 UTC 2008
Matt Shields <mattboston at gmail.com>

On Tue, Apr 22, 2008 at 11:56 AM, Craig White <craig at tobyhouse.com> wrote:
>
>  On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
>  > Matt Hyclak wrote:
>  > > On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
>  > >> Excuse my ignorance (I just got crap on the #centos IRC channel for this
>  > >> question), but is there an (easy!) way to have an IRC and/or Jabber server
>  > >> relay a login to a Microsoft Active Directory server for authentication?
>  > >> If there's a better question to ask this question, please point me in that
>  > >> direction, and I'll be happy to do so
>  > >>
>  > >
>  > > Well, you probably want to ask in a support channel for your IRC and jabber
>  > > server software, and/or some sort of Microsoft channel.
>  > >
>  > > The way you've posed the question, it has nothing to do with CentOS, so I am
>  > > unsurprised you got crap for it on IRC.
>  >
>  > I thought one of the big deals in CentOS was the ability to configure
>  > PAM to authenticate anywhere you want and all the apps use the same
>  > settings?  Isn't that true, or aren't there any jabber/IRC servers that
>  > are bundled properly into the distribution?
>  >
>  > This sounds very much like a distro-centric question to me, even if the
>  > answer turns out to be that CentOS doesn't provide that.
>  ----
>  actually no.
>
>  I am currently using ejabberd and it is not common to authenticate
>  'real' users but certainly possible. The methodology of authenticating
>  'real' users would entirely depend upon the jabber server software which
>  varies widely from perl to java to erlang.
>
>  The point of authenticating against LDAP is rarely do you only want
>  user/id authentication but you also want address books/user lists and
>  other attributes that can be useful such as e-mail address.
>
>  In addition, jabber servers do have to store attributes about users so
>  there's little to be served by marrying PAM functions in.
>
>  What you should have noticed here Les, is that Windows AD users are
>  mostly clueless to how LDAP works and integrating Windows AD/LDAP into
>  other software is a challenge for them.
>
>  Craig
>

Why not just install OpenFire which has the AD <-> Jabber
authentication stuff built right in?


-- 
-matt