Re: How to configure OpenLdap Client to work with Windows Active Directory

[Andrew Findlay <andrew.findlay@skills-1st.co.uk>]

On Wed, Jun 29, 2011 at 05:41:26PM -0700, yen nguyen wrote:

> Can ldapsearch work with Windows AD via GSSAPI? Is there any special setting/
> software I need to do on the client side?

GSSAPI is normally a carrier for Kerberos tickets, so for this
to work you will need to obtain a valid ticket for the AD
service. This will involve connecting your client system to the
Kerberos domain managed by the AD system.

> On my Client system, I have Windows openldap client tools (ldapsearch ....etc).
> My Server system has Windows AD running.
> 
> I was able to use Simple Authentication and it worked.
> ldapsearch.exe -H ldap://MPSD-EB01T3/ -b "dc=test,dc=com"  -x

Without the -D and -w (or -W) options, this is just anonymous
(un-authenticated) access.

You can certainly use the OpenLDAP client tools with AD using
simple authentication. The main problem is to find out what the DN of
your AD account actually is.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------