Client Certificate ESP via OSX OpenDirectory

Hi,

I'm currently experimenting to get the ESP KDC authentication working against our Apple OSX OpenDirectory server (10.11.4). It seems possible, but the OD does not support userprincipalname without changing the LDAP schema.
Is there any way to use e.g. EMailAddress or something else? The LDAP and Kerberos authentication seems to work well.

Thanks

Henri

Apr 20 18:51:29 lbr ssomgr: #24644# ssocfg: --- domainID: 1 [SSO_MACPRO_CLIENT] ---
Apr 20 18:51:29 lbr ssomgr: #24644# >>> ldap_map_auth_for_dual_factor: auth_type in: 5
Apr 20 18:51:29 lbr ssomgr: #24644# <<< ldap_map_auth_for_dual_factor: auth_type out: 5
Apr 20 18:51:29 lbr ssomgr: #24644# do_sso_cert_check: ldap_url ldap://172.x.y.z
Apr 20 18:51:29 lbr ssomgr: #24644# do_sso_cert_check: ldap version 3
Apr 20 18:51:29 lbr ssomgr: #24644# do_sso_cert_check: ldap timeout is 5
Apr 20 18:51:30 lbr ssomgr: #24644# do_sso_cert_check: ldap_sasl_bind_s(uid=diradmin,cn=users,dc=macpro: rc=0
Apr 20 18:51:30 lbr ssomgr: #24644# do_sso_cert_check: ldap_search_ext(ld,dc=macpro,,(userprincipalname=@macpro)): rc=0
Apr 20 18:51:30 lbr ssomgr: #24644# do_sso_cert_check: ldap_result(): rc=101
Apr 20 18:51:30 lbr ssomgr: #24644# do_sso_cert_check: ldap_first_message(): msg=0xc75550 msgtype=101
Apr 20 18:51:34 lbr ssomgr: #24604# do_sso_cert_check: ldap_result(): rc=0

1 comment

Mark Deegan

Hello Henri,

You can specify "principal name" under the SSO settings for the name as logon format.

Regards

Mark