Re: How can OpenLDAP client process on FreeBSD authenticate a web user with active directory
On Wed, 12 Jun 2013 16:23:00 +0800,
Ganesh Borse <firstname.lastname@example.org> wrote:
> Dear Friends
> I am new to OpenLDAP. We are migrating our application (integrated
> with webserver) from Windows to FreeBSD.
> However, this is adding a bit of a problem. Previously, I used
> Microsoft SSPI authentication loop mechanism to authenticate the
> users connecting from GUI client (launched from computers in MS
> active directory) to our application. AD authentication helped avoid
> maintaining separate passwords.
> Now, since we are moving to FreeBSD and web based interface, it is
> difficult to use the same SSPI mechanism and so, the users connecting
> to this application from web browser can be authenticated using the AD
> The function ldap_bind_s requires explicit password when connecting to
> directory server using a username other than logged in user.
> Also, pass-through authentication mechanism (14.5) outlined in
> OpenLDAP-Admin-Guide cannot be used as it is for slapd.
> Thus, can you please help me know, how can I authenticate a user
> configured in AD and connecting from web browser running on a
> computer in AD using openLDAP client on FreeBSD? I want to avoid
> maintaining or passing passwords on FreeBSD.
You may either direct your web application for authentication and
authorization to Active Directory, or use an LDAP proxy to connect to
Active Directory. You may want to read man slapd-ldap(5) for further
Dieter Klünter | Systemberatung
GPG Key ID:DA147B05
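
A slapd.conf fragment for the proxy option mentioned in the reply, added here as an illustration and not part of the original message or of the OpenLDAP documentation. The suffix, host name and CA file path are constructed placeholders. With simple binds the proxy relays each user's password to Active Directory, so the upstream connection is set to require verified TLS.

```conf
# Added example: back-ldap proxy in front of Active Directory (see slapd-ldap(5)).
# All names and paths below are placeholders, not values from the thread.

# Needed only when back-ldap is built as a module:
# moduleload    back_ldap

database        ldap

# Naming context served by the proxy; must match the AD domain's base DN.
suffix          "dc=example,dc=com"

# Upstream domain controller (placeholder host name).
uri             "ldap://dc1.example.com"

# StartTLS towards AD and refuse the connection unless the DC's certificate
# chains to the given CA, so relayed bind passwords are never sent in clear.
tls             start tls_cacert=/usr/local/etc/openldap/ad-ca.pem tls_reqcert=demand

# When the proxy has to re-establish a connection, rebind with the identity
# the client originally bound as instead of continuing anonymously.
rebind-as-user  yes

# Do not follow referrals returned by AD to other servers.
chase-referrals no

# The web application only authenticates and reads; reject writes at the proxy.
readonly        on
```

The web application then performs its bind against the proxy's own listener, which should itself be offered over TLS for the same reason.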