I have Active Directory running at home. I’ve been using it as a centralized credential store.
Puppet Enterprise can authenticate against Active Directory. I just successfully integrated them, so here are the parameters I’m actually using. I used this documentation for reference.
Directory name: homenet.iriumi.ad
Hostname: pdc01.homenet.iriumi.ad
Port: 389
Lookup user (optional): CN=svcldap,OU=UsersOU,DC=homenet,DC=iriumi,DC=ad
Lookup password (optional): use the password for svcldap
Connection timeout (seconds): 60
Validate the hostname?: Yes
Allow wildcards in SSL certificate?: Yes
Base distinguished name: dc=homenet,dc=iriumi,dc=ad
User login attribute: sAMAccountName
User email address: mail
User relative distinguished name (optional): (empty)
Group object class: group
Group membership field: member
Group name attribute: name
Group lookup attribute: cn
Group relative distinguished name (optional): cn=UsersOU
Turn off LDAP_MATCHING_RULE_IN_CHAIN?: No
Search nested groups?: Yes
One thing to note is that when you first log in as an Active Directory user, you may get denied. Once you see that, log out and log in as the local admin (root) user, and you will see your Active Directory user created in Puppet Enterprise. You can then add the user to the Administrators group so that you can do administrative work as yourself.
The configuration I showed in this blog entry is actually working, so I hope this helps someone out there.