Active Directory as ldap backend

I searched the list archive, and I did find a lot of good information about
openldap and active directory. But, it doesn't appear as if anyone
is trying to accomplish exactly what I am trying to accomplish.

I have an openldap server that I will be authenticating against. There
are a set of users who will be ONLY in the openldap server.

I also have an Active Directory server (on my domain controller) that I
want to authenticate against. For many reasons, using referrals will
not work for my setup, so I figured I'd use the proxy approach (a la the
ldap backend).

As a part of this authentication, I also need to be able to get entries
(so that I can display certain information to the user).
So, not only do I need to be able to bind against it (to authenticate),
but I also need to be able to search against it.

So, I compiled in ldap support, and added the appropriate entries to my
slapd.conf file.

First problem I have is that I cannot do a search successfully, because
you must authenticate against Active Directory before you can search
users. And, I do not see any way for the ldap backend config to specify
the bind DN/password to use. How does one do that? I know you can
specify the BINDDN as a part of the uri, but I've never seen a really
good example of doing that, either. Plus, ideally, you'd need to be
able to specify the bind password, too. Is there a syntax for this?

Secondarily, I need to be able to bind against it. My question is this:
I've seen a lot of information about how you must use kerb5 in order to
authenticate against the Active Directory server. Is this true?? Or is
this just *recommended* for (obvious) security reasons?

Any help is greatly appreciated.

Thanks..

-garyf