On Thu, Jul 7, 2011 at 4:08 PM, David
I am trying to use OpenLDAP from an embedded Linux system to
authenticate (PAM LDAP) against a Windows AD server. I must
use TLS to secure this, but I would rather not use SASL or
Kerberos if possible.
I have been able to mock this up on a Centos system without
TLS, and the PAM worked fine. When I turn on TLS, the Windows
server handshakes the TLS but then has a problem with the
first message. I am also working that side.
I have walked through the handshake with s_client, and the
connection is happy.
I am now working with ldapsearch and trying things....
The first thing I notice is that it seems to try an SASL bind.
Can I stop this?
I'm not sure I have SASL actually installed on this system,
and I'm not sure I want it in my target.
ldapsearch -x <--- does simple auth instead of sasl.
Is this possible? from both the OpenLDAP client and/or Windows
Ideas on the correct alphabet soup to try this with ldapsearch
would be appreciated.
Well, I have seen this done through samba, but you *should* be
able to use AD's LDAP to authenticate your Linux workstation,