I have Active Directory running at home. I’ve been using it as a centralized credential store.
Puppet Enterprise can authenticate against Active Directory. I just successfully integrated them, so here are the parameters I’m actually using. I used this documentation for reference.
Lookup user (optional)
Lookup password (optional)
* Use the password for svcldap
Connection timeout (seconds)
Validate the hostname?
Allow wildcards in SSL certificate?
Base distinguished name
User login attribute
User email address
User relative distinguished name (optional)
Group object class
Group membership field
Group name attribute
Group lookup attribute
Group relative distinguished name (optional)
Turn off LDAP_MATCHING_RULE_IN_CHAIN?
Search nested groups?
One thing to note: when you first log in as an Active Directory user, you may get denied. Once you see that, log out and log in as the local admin (root) user, and you will see your Active Directory user created in Puppet Enterprise. You can add the user to the Administrators group so that you can do administrative work as yourself.
The configuration I showed in this blog entry is actually working, so I hope this helps someone out there.