[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can OpenLDAP get password from AD

To: "Duong Pham Tung" <duongpt3@fpt.com.vn>
Subject: Re: Can OpenLDAP get password from AD
From: Thomas Chemineau <tchemineau@linagora.com>
Date: Fri, 13 Feb 2009 11:24:49 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <FE-HN-SRV01bYiMCIqt00000480@fe-hn-srv01.HO.FPT.VN>
Organization: Groupe Linagora
References: <FE-HN-SRV01bYiMCIqt00000480@fe-hn-srv01.HO.FPT.VN>

Le Fri, 13 Feb 2009 16:54:36 +0700,
"Duong Pham Tung" <duongpt3@fpt.com.vn> a Ãcrit :

> Hi,

Hi,

> I am building a solution for web-based application authentication
> using OpenLDAP as a backend data source. But, in my case, OpenLDAP
> acts as a proxy and all user information are stored on AD servers. I
> can get some field from AD to OpenLDAP, but it is not enough for my
> apps to authentication user because OpenLDAP canât get password field
> from ADs. So, can OpenLDAP  have other solutions to solve my problem?

OpenLDAP can delegate authentication on other LDAP server, using SASL
mechanism. In practice, in your LDAP account information on server A,
your have some information in the your password field that tell OpenLDAP
how it can replay user authentication on an other LDAP server B. This
work perfectly with Active Directory. You have to compile OpenLDAP with
cyrus-sasl.

Maybe it can solve your problem.

Cheers,
Thomas.

-- 
Thomas Chemineau
Groupe LINAGORA - http://www.linagora.com
TÃl.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29

References:
- Can OpenLDAP get password from AD
  - From: "Duong Pham Tung" <duongpt3@FPT.COM.VN>

Prev by Date: RE: Can OpenLDAP get password from AD
Next by Date: Re: Can OpenLDAP get password from AD
Index(es):
- Chronological
- Thread