I'm trying to set Cobbler 2.6 up with LDAP authentication against our AD environment. Using the standard LD config per example works fine, but we need to allow only certain CNs access to log in. 

We were able to get this to work with authn_passthru and Apache with our existing Cobbler 1.6 (I know, I know), but my tests with this and Cobbler 2.x have failed in the past. I've even tried authn_pam with Winbind, but this seems to fail in some nebulous space somewhere in Winbind during the auth process (though various winbind tools do communicate with AD properly).

Note that authz_ownership is not a tenable solution for us, as we have multiple departments with overlapping responsibilities, and multiple Cobbler environments with targeted uses (eg customer equipment, internal prod, internal dev, etc)

Any help would be very much appreciated!

Thanks,

Cory.