[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: How to configure OpenLdap Client to work with Windows Active Directory

Yes. My client system is connected to the domain. I was able to obtain a valid ticket from the AD system. The kinit command ran ok.
kinit user1@TEST.COM

I even ran gssclient and it ran ok with no error.
gssclient -port 389 MPSD-EB01T3 LDAP/MPSD-EB01T3.TEST.COM hello

The DN of my AD  should be TEST.COM

So what else do I need to do on the client system to use OpenLDAP client tools with -Y GSSAPI option ? Is there a ldap.conf configuration for windows openldap client tools?


> Date: Thu, 30 Jun 2011 16:17:44 +0100
> From: andrew.findlay@skills-1st.co.uk
> To: nhan_yen@hotmail.com
> CC: openldap-technical@openldap.org
> Subject: Re: How to configure OpenLdap Client to work with Windows Active Directory
> On Wed, Jun 29, 2011 at 05:41:26PM -0700, yen nguyen wrote:
> > Can ldapsearch work with Windows AD via GSSAPI? Is there any special setting/
> > software I need to do on the client side?
> GSSAPI is normally a carrier for Kerberos tickets, so for this
> to work you will need to obtain a valid ticket for the AD
> service. This will involve connecting your client system to the
> Kerberos domain managed by the AD system.
> > On my Client system, I have Windows openldap client tools (ldapsearch ....etc).
> > My Server system has Windows AD running.
> >
> > I was able to use Simple Authentication and it worked.
> > ldapsearch.exe -H ldap://MPSD-EB01T3/ -b "dc=test,dc=com" -x
> Without the -D and -w (or -W) options, this is just anonymous
> (un-authenticated) access.
> You can certainly use the OpenLDAP client tools with AD using
> simple authentication. The main problem is to find out what the DN of
> your AD account actually is.
> Andrew
> --
> -----------------------------------------------------------------------
> | From Andrew Findlay, Skills 1st Ltd |
> | Consultant in large-scale systems, networks, and directory services |
> | http://www.skills-1st.co.uk/ +44 1628 782565 |
> -----------------------------------------------------------------------