[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can OpenLDAP client process on FreeBSD authenticate a web user with active directory

Ganesh Borse wrote:
> I am new to OpenLDAP. We are migrating our application (integrated with
> webserver) from Windows to FreeBSD.
> However, this is adding a bit of a problem. Previously, I used Microsoft
> SSPI authentication loop mechanism to authenticate the users connecting
> from GUI client (launched from computers in MS active directory) to our
> application. AD authentication helped avoid maintaining separate passwords.
> Now, since we are moving to FreeBSD and web based interface, it is
> difficult to use the same SSPI mechanism and so, the users connecting to
> this application from web browser can be authenticated using the AD
> credentials.

You should rather try to learn about WebSSO with SPNEGO/Kerberos. Personally I
have configured CAS with SPNEGO/Kerberos and LDAP fallback for password
checking for some customers. There might be other decent WebSSO
implementations with support for that.

But this is highly off-topic here. So don't follow up on OpenLDAP lists.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature