[Date Prev][Date Next]
Simple Bind w/TLS without SASL/Kerberos possible to AD?
- To: email@example.com
- Subject: Simple Bind w/TLS without SASL/Kerberos possible to AD?
- From: David Mitton <firstname.lastname@example.org>
- Date: Thu, 07 Jul 2011 16:38:37 -0400
- Content-disposition: inline
- User-agent: Internet Messaging Program (IMP) H3 (4.1.4)
I am trying to use OpenLDAP from an embedded Linux system to
authenticate (PAM LDAP) against a Windows AD server. I must use TLS
to secure this, but I would rather not use SASL or Kerberos if possible.
I have been able to mock this up on a Centos system without TLS, and
the PAM worked fine. When I turn on TLS, the Windows server
handshakes the TLS but then has a problem with the first message. I
am also working that side.
I have walked through the handshake with s_client, and the connection
I am now working with ldapsearch and trying things....
The first thing I notice is that it seems to try an SASL bind. Can I
I'm not sure I have SASL actually installed on this system, and I'm
not sure I want it in my target.
Is this possible? from both the OpenLDAP client and/or Windows AD?
Ideas on the correct alphabet soup to try this with ldapsearch would