
Re: Configuring AD using OpenLDAP



On 16/09/10 18:26 +0530, Vinay Kalkoti wrote:
> Hi,
>
> Is it possible to use OpenLDAP client to authenticate against Active
> Directory without using Samba or SUF ?

Yes. I've seen both GSSAPI and DIGEST-MD5 SASL binds work.

AD (or maybe its DIGEST-MD5 implementation) seems to be picky about PTR
records, so you'll want to make sure you can do a 'dig -x <ip address>'
against the AD server.

This works for me:

ldapwhoami -Y DIGEST-MD5 -U jsmith -H ldap://ad.example.com
SASL/DIGEST-MD5 authentication started
Please enter your password: SASL username: jsmith
SASL SSF: 128
SASL data security layer installed.
ldap_parse_result: Protocol error (2)
        additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece
Result: Protocol error (2)
Additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece


Which represents a successful authentication. I guess AD doesn't support
the LDAPWHOAMI exop (Windows Server 2003).

--
Dan White
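
Added example (not part of the original message): a shell sketch for scripts that need to tell "SASL bind succeeded but the server rejected the Who am I? exop" apart from a failed bind, since ldapwhoami reports an error in both cases. The function names and sample texts are constructed for illustration; it assumes a SASL bind and treats the "SASL SSF:" line as the marker that the bind completed, as in the session above.

```shell
#!/bin/sh
WHOAMI_OID=1.3.6.1.4.1.4203.1.11.3   # "Who am I?" extended operation (RFC 4532)

# classify_whoami: reads captured ldapwhoami output (stdout+stderr) on stdin.
classify_whoami() {
    # Flatten first so a diagnostic wrapped across lines still matches.
    flat=$(tr '\n' ' ' | tr -s ' ')
    case $flat in
        *'SASL SSF: '*) ;;                       # bind completed
        *) echo bind-failed; return ;;
    esac
    case $flat in
        *'Unknown extended request OID'*) echo bind-ok-whoami-unsupported ;;
        *'Result: '*'('[1-9]*')'*)        echo bind-ok-exop-error ;;
        *)                                echo bind-ok ;;
    esac
}

# server_has_whoami: reads rootDSE LDIF on stdin and succeeds only if the
# server lists the exop in supportedExtension. Live use (same bind options
# as the message):
#   ldapsearch -Y DIGEST-MD5 -U jsmith -H ldap://ad.example.com \
#       -b "" -s base supportedExtension | server_has_whoami
server_has_whoami() {
    awk -v oid="$WHOAMI_OID" '
        tolower($1) == "supportedextension:" && $2 == oid { found = 1 }
        END { exit !found }'
}

# Constructed samples. SAMPLE_AD mirrors the session in the message,
# including the mid-sentence line wrap.
SAMPLE_AD='SASL/DIGEST-MD5 authentication started
SASL username: jsmith
SASL SSF: 128
SASL data security layer installed.
ldap_parse_result: Protocol error (2)
        additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown
extended request OID, data 0, vece
Result: Protocol error (2)'
SAMPLE_BAD='SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)'
ROOTDSE_SAMPLE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedExtension: 1.3.6.1.4.1.1466.20037'

printf '%s\n' "$SAMPLE_AD"  | classify_whoami
printf '%s\n' "$SAMPLE_BAD" | classify_whoami
```

Because the search only runs after the bind succeeds, the exit status of the ldapsearch in the comment is itself a usable authentication check on servers without the exop.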