Good Afternoon Folks,
It's been a long time since I posted here, but it's good to be back. I have an issue/goal that I have been trying to resolve/reach for a while, and I cannot seem to find all the right pieces to get me there.
I have some CentOS 6.9 servers which I want to authenticate against an Active Directory domain via LDAP. NOTE: I do NOT want to join these servers to the domain. I merely want to fire off an authentication exchange via LDAP when someone logs into the box. This is to simplify management.
Anyway, the challenge is that Active Directory, of course, does not allow anonymous bind. So, we set up a dedicated service account to use for binding to Active Directory in order to query it. The problem is, the keepers of the accounts do not want to give us the password or allow the password to be stored in clear text in a conf file.
So here is the question.....
Does anyone know of a way to 1) mask a password during entry into 2) an encrypted storage container (vault?) which can 3) be accessed by the LDAP config when a bind is necessary to authenticate a user?
The basic LDAP configuration stuff is no big deal, but the securing of the password while still allowing it to be used is the rub at this point.
Thanks for your help!