[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Can OpenLDAP get password from AD
Le Fri, 13 Feb 2009 16:54:36 +0700,
"Duong Pham Tung" <duongpt3@fpt.com.vn> a Ãcrit :
> Hi,
Hi,
> I am building a solution for web-based application authentication
> using OpenLDAP as a backend data source. But, in my case, OpenLDAP
> acts as a proxy and all user information are stored on AD servers. I
> can get some field from AD to OpenLDAP, but it is not enough for my
> apps to authentication user because OpenLDAP canât get password field
> from ADs. So, can OpenLDAP have other solutions to solve my problem?
OpenLDAP can delegate authentication on other LDAP server, using SASL
mechanism. In practice, in your LDAP account information on server A,
your have some information in the your password field that tell OpenLDAP
how it can replay user authentication on an other LDAP server B. This
work perfectly with Active Directory. You have to compile OpenLDAP with
cyrus-sasl.
Maybe it can solve your problem.
Cheers,
Thomas.
--
Thomas Chemineau
Groupe LINAGORA - http://www.linagora.com
TÃl.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29