By l0gix, December 11, 2007, 7:50 pm o'clock


LDAP Authentication for Windows 2000:

Authenticate MS/Windows using PGina: http://pgina.xpasystems.com/
Downloads: http://pgina.xpasystems.com/files/
i.e. download pGina: pGina170a.exe

Run pGina170a.exe to install.
Install to C:\pGina and accept defaults.

Download LDAP Auth:
Downloads: http://pgina.xpasystems.com/plugins/ldapauth.php
Download the installer, i.e.: ldapauth12.exe
Run it to install.

Configure pGina: Select: Start + Programs + pGina + Configuration Tool

  • Plugin Path: C:\pGina\plugins\ldapauth\ldapauth_plus.dll
    Accept rest of defaults.
  • Select configure plugin button:
    [LDAP configure screenshot]
    • LDAP Server: IP-address-goes-here
    • Port: 389 (default)
    • PrePend: uid=
    • Append: ou=people,dc=megacorp,dc=com
    • Admin User: "cn=AdminManager,dc=megacorp,dc=com"
    • Admin password: *******

    The “Admin User” and “Admin Pass” are not required for “Map Mode”. A bind using the user login/password will take place if the Admin user/password are omitted.

  • Select radio button “Map Mode” then select “OK”. (Panel closes)
  • Select Save + Exit
    (On main config panel)

Uses LDAP “Search mode”.

PGINA screen

Select option “Scramble Passwords on Logout”. This forces LDAP authentication for each login. After an initial login, the login/password are cached locally, so subsequent logins would otherwise be authenticated locally. This option scrambles the cached password upon logout, forcing Windows/pGina to authenticate with the LDAP server and NOT locally.

Optional test: Download plugin_tester.exe from http://pgina.xpasystems.com/plugins/ldapauth.php
[LDAP authentication test tool screenshot]

  • Select: Start + Programs + pGina + Plugin tester
  • Plugin Path: C:\pGina\plugins\ldapauth\ldapauth_plus.dll
  • Use a login and password to test.

Reconfigure Windows 2000 not to authenticate against PDC:

  • Right click on “My Computer” + System Properties
  • Select “Network Identification” tab + “Properties” button.
  • Select the “Workgroup” radio button and remove the workgroup.
  • Reboot and you are ready to login with LDAP authentication.

Note:

  • Do not enter a domain: neither a false one (which cannot be resolved) nor a real one.
  • pGina recognizes local logins if the login id cannot be found in the LDAP directory.
  • pGina does not support “roaming profile”.

To remove pGina: Start + Control Panel + Add/Remove program + select pGina

Links:

LDAP Client Login Authentication
