On the monitoring server, I'd like to authenticate users in the following situations:
- various types of TACACS access
- access to portions of the web pages
- authentication to Linux command prompt
- authentication to call detail record tools
I think someone has started a similar authentication capability for NetDisco. In any
case, I wanted to see what I could come up with.
I have a basic proof-of-concept script. All the options are embedded variables. I'll have to factor all that out. In
the meantime, it does prove that one can provide a basic Microsoft Active Directory group
name, use it to look up the distinguished name for the group name, and then perform a test
to see if a user is a member of that group. At the moment, there are no recursive tests to
see if the user is a member based upon a group being a member of another group.
The documentation at CPAN perl-ldap-0.34 was helpful for syntax. Microsoft's ADSIEdit MMC was
helpful in seeing which Active Directory/LDAP classes/objects contained the meaningful
attributes.
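
The lookup described above (group name to distinguished name, then a direct membership test), as an added example with Net::LDAP; this is not the author's script. The server URI, CA file, base DN, service account and the `LDAP_BIND_PW` environment variable are placeholder assumptions.

```perl
#!/usr/bin/perl
# Added example: direct (non-recursive) AD group-membership test.
# All values in %cfg are placeholders, not taken from the original post.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my %cfg = (
    uri     => 'ldaps://dc.example.com',          # TLS, so the bind password is not sent in clear
    cafile  => '/etc/ssl/certs/example-ca.pem',
    base    => 'DC=example,DC=com',
    bind_dn => 'CN=svc-monitor,OU=Service Accounts,DC=example,DC=com',
    bind_pw => $ENV{LDAP_BIND_PW},                # keep the secret out of the script
);

# Return the single entry matching $filter; return nothing (fail closed)
# on an LDAP error, on zero matches, or on an ambiguous match.
sub find_one {
    my ($ldap, $filter) = @_;
    my $mesg = $ldap->search(base => $cfg{base}, scope => 'sub',
                             filter => $filter, attrs => ['1.1']);
    return if $mesg->code || $mesg->count != 1;
    return $mesg->entry(0);
}

# Step 1: resolve the group name to its DN. Step 2: ask the directory
# whether the user's memberOf holds that DN. Both inputs are escaped so
# characters such as * ( ) \ cannot change the meaning of the filter.
sub is_direct_member {
    my ($ldap, $group_cn, $login) = @_;
    my $group = find_one($ldap, sprintf '(&(objectClass=group)(cn=%s))',
                         escape_filter_value($group_cn)) or return 0;
    my $user = find_one($ldap, sprintf
        '(&(objectClass=user)(sAMAccountName=%s)(memberOf=%s))',
        escape_filter_value($login), escape_filter_value($group->dn));
    return $user ? 1 : 0;
}

my ($group_cn, $login) = @ARGV;
die "usage: $0 GROUP LOGIN\n" unless defined $login;
defined $cfg{bind_pw} or die "set LDAP_BIND_PW\n";
my $ldap = Net::LDAP->new($cfg{uri}, verify => 'require', cafile => $cfg{cafile})
    or die "connect failed: $@\n";
my $bind = $ldap->bind($cfg{bind_dn}, password => $cfg{bind_pw});
die 'bind failed: ' . $bind->error . "\n" if $bind->code;
my $ok = is_direct_member($ldap, $group_cn, $login);
$ldap->unbind;
print $ok ? "member\n" : "not a member\n";
exit($ok ? 0 : 1);
```

As in the proof of concept, nested groups are not followed. The `memberOf` attribute also omits a user's primary group, so a test against that group reports "not a member".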