[CentOS] vectoring IRC / Jabber logins to AD?

Tue Apr 22 18:43:58 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Craig White wrote:
> ----
>>> The point of authenticating against LDAP is rarely do you only want
>>> user/id authentication but you also want address books/user lists and
>>> other attributes that can be useful such as e-mail address.
>> But those may or may not be the same ones you'd find in AD.
> ----
> any reasonable LDAP implementation allows you to define the DN (or DN's)
> to be used for various purposes

But the people managing AD may have no interest in supporting other 

> ----
>>> In addition, jabber servers do have to store attributes about users so
>>> there's little to be served by marrying PAM functions in.
>> I'd settle for not having yet another password.
> ----
> sure - makes sense - how many different jabber servers are you running?

A couple, currently used by small sets of people but it's likely to 
expand (the people, not necessarily the servers).  I want to set up at 
least one of them with OpenNMS spewing its notifications into a 
multiuser chat room that the network operators can join.

> ----
>>> What you should have noticed here Les, is that Windows AD users are
>>> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
>>> other software is a challenge for them.
>> Which is why you'd want to set up PAM once, not 
>> login/ssh/imap/pop/http/smtp/samba and all those other applications that 
>> want a password.  Especially when you want to be able to add local 
>> accounts in addition to using a network authentication mechanism.
> ----
> sure - makes sense - how many different jabber servers are you running?
> You are simply looking through a lens that says corporate users,
> corporate login accounts, etc. That's fine but I get the distinct
> impression that it is hardly the typical setup.

When someone mentions AD, I'd assume corporate users, existing logins, 
existing passwords and password change policy - and probably some 
MS-centric people managing it who may not want to help glue on some 
open-source parts.

   Les Mikesell
     lesmikesell at gmail.com