Re: How can OpenLDAP client process on FreeBSD authenticate a web user with active directory

Hi Dieter

Thanks for this quick guidance.

Yes, I will try to use an LDAP proxy, which I think will be nothing but slapd-ldap.

Is there any way to integrate this proxy in my application process (a C++ process)? This is because, depending on the success or failure of this authentication process, our application needs to allow the user to perform the actions over the web connection.

- ganesh

On Wed, Jun 12, 2013 at 4:57 PM, Dieter Klünter <dieter@dkluenter.de> wrote:
On Wed, 12 Jun 2013 16:23:00 +0800,
Ganesh Borse <bganesh05@gmail.com> wrote:

> Dear Friends
> I am new to OpenLDAP. We are migrating our application (integrated
> with webserver) from Windows to FreeBSD.
> However, this is adding a bit of a problem. Previously, I used
> Microsoft SSPI authentication loop mechanism to authenticate the
> users connecting from GUI client (launched from computers in MS
> active directory) to our application. AD authentication helped avoid
> maintaining separate passwords.
> Now, since we are moving to FreeBSD and web based interface, it is
> difficult to use the same SSPI mechanism and so, the users connecting
> to this application from web browser can be authenticated using the AD
> credentials.
> The function ldap_bind_s requires explicit password when connecting to
> directory server using a username other than logged in user.
> Also, pass-through authentication mechanism (14.5) outlined in
> OpenLDAP-Admin-Guide cannot be used as it is for slapd.
> Thus, can you please help me know, how can I authenticate a user
> configured in AD and connecting from web browser running on a
> computer in AD using openLDAP client on FreeBSD? I want to avoid
> maintaining or passing passwords on FreeBSD.

You may either direct your web application for authentication and
authorization to active directory, or use an LDAP proxy to connect to
active directory. You may want to read man slapd-ldap(5) for further

