
Active Directory as ldap backend



I searched the list archive, and I did find a lot of good information about openldap and active directory. But, it doesn't appear as if anyone is trying to accomplish exactly what I am trying to accomplish.

I have an openldap server that I will be authenticating against. There are a set of users who will be ONLY in the openldap server.

I also have an Active Directory server (on my domain controller) that I want to authenticate against. For many reasons, using referrals will not work for my setup, so I figured I'd use the proxy approach (a la the ldap backend).

As a part of this authentication, I also need to be able to get entries (so that I can display certain information to the user).

So, not only do I need to be able to bind against it (to authenticate), but I also need to be able to search against it.

So, I compiled in ldap support, and added the appropriate entries to my slapd.conf file.

First problem I have is that I cannot do a search successfully, because you must authenticate against Active Directory before you can search users. And, I do not see any way for the ldap backend config to specify the bind DN/password to use. How does one do that? I know you can specify the BINDDN as a part of the uri, but I've never seen a really good example of doing that, either. Plus, ideally, you'd need to be able to specify the bind password, too. Is there a syntax for this?

Secondarily, I need to be able to bind against it. My question is this: I've seen a lot of information about how you must use krb5 in order to authenticate against the Active Directory server. Is this true? Or is this just *recommended* for (obvious) security reasons?

Any help is greatly appreciated.

Thanks.

-garyf
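The two-backend layout the post describes (one local database for OpenLDAP-only users, one back-ldap proxy to Active Directory that must both forward user binds and search with its own credentials), as an added slapd.conf example that is not part of the original post or of the OpenLDAP project's documentation. It assumes OpenLDAP 2.3 or later, where the idassert-bind directive carries the proxy's own bind DN and password and mode=none makes the proxy use that identity directly (AD does not support the proxyAuthz control); the suffixes, hostname, backend type and the proxy account name are placeholders.

```conf
# --- users that exist only in OpenLDAP (assumed suffix and backend) ---
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
rootpw      {SSHA}PLACEHOLDER-HASH
directory   /var/lib/ldap

# --- Active Directory users, proxied through back-ldap (assumed suffix/host) ---
database    ldap
suffix      "dc=ad,dc=example,dc=com"
uri         "ldap://dc1.ad.example.com/"
# A client that binds with a DN under this suffix has its bind forwarded to
# the DC unchanged, so AD still performs the actual password check.
rebind-as-user yes
# AD rejects anonymous searches. For clients that authenticated against the
# local database (or not at all), the proxy searches AD under its own
# identity instead. Use a dedicated read-only account with the minimum rights
# needed, never a domain admin; the password is a constructed placeholder.
idassert-bind bindmethod=simple
              binddn="cn=ldap-proxy,cn=Users,dc=ad,dc=example,dc=com"
              credentials="PLACEHOLDER-PASSWORD"
              mode=none
# Which local identities may have their operations run as the proxy account.
idassert-authzFrom "dn:*"
# AD returns referrals for its other naming contexts; do not chase them.
chase-referrals no
# Bring up TLS on the proxy connection so the service-account password and
# forwarded user passwords are not sent to the DC in clear text (the CA that
# signs the DC certificate is assumed to be configured in the global TLS settings).
tls         start
```

Check the proxy with `ldapsearch -x -H ldap://localhost/ -b "dc=ad,dc=example,dc=com" "(sAMAccountName=someuser)"` after binding as a local user; a result from the DC confirms the idassert identity is being used for the search.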