
Re: How to perform windows domain authentication with openldap



On 24/06/11 13:58 +0800, Jintao Fang wrote:
> I am trying to develop an ldap client with openldap and cyrus-sasl; there is
> one feature that a user can directly sign in to the ldap server if he is in a
> domain.
>
> Has anyone used openldap like this?
>
> Thanks a lot.

If your goal is to simply authenticate a user against an Active Directory
via ldap, one of these approaches should work (or by using similar
parameters via code):

ldapsearch -Y digest-md5 -U jsmith -H ldap://192.168.1.1 <filter>

kinit jsmith@ADDOMAIN.COM
ldapsearch -Y gssapi -H ldap://192.168.1.1 <filter>

The following will also work with saslauthd (/etc/saslauthd.conf):

ldap_servers: ldap://192.168.1.1
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

If that doesn't address your question, please provide additional details,
such as a deployment scenario.

--
Dan White
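
Added example, not part of the original message or of cyrus-sasl: a small check over a saslauthd.conf of the shape shown above that reports when the LDAP connection has no TLS and when the bind mechanism is DIGEST-MD5, which RFC 6331 moved to Historic. The finding names and the accepted boolean spellings are assumptions of this sketch; ldap_start_tls is a documented saslauthd LDAP option.

```python
# Constructed sample: the saslauthd.conf fragment from the message above.
SAMPLE_CONF = """\
ldap_servers: ldap://192.168.1.1
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
"""

def parse_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts

def is_yes(value):
    # Assumption: a simplified set of spellings treated as "enabled".
    return value.lower() in ("yes", "y", "true", "t", "1", "on")

def audit(opts):
    """Return finding codes (names are this example's own) for the options."""
    findings = []
    servers = opts.get("ldap_servers", "").split()
    start_tls = is_yes(opts.get("ldap_start_tls", "no"))
    use_sasl = is_yes(opts.get("ldap_use_sasl", "no"))
    mech = opts.get("ldap_mech", "").upper()

    # ldap:// without StartTLS: no server certificate check, no TLS encryption.
    if any(s.lower().startswith("ldap://") for s in servers) and not start_tls:
        findings.append("no-tls")
        if not use_sasl:
            # Without SASL the bind is a simple bind: password sent in clear.
            findings.append("cleartext-simple-bind")
    # DIGEST-MD5 was moved to Historic status by RFC 6331.
    if use_sasl and mech == "DIGEST-MD5":
        findings.append("historic-mech")
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE_CONF)))
```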