Re: Configuring AD using OpenLDAP
On 16/09/10 18:26 +0530, Vinay Kalkoti wrote:
> Hi,
> Is it possible to use OpenLDAP client to authenticate against Active
> Directory without using Samba or SUF?

Yes. I've seen both GSSAPI and DIGEST-MD5 SASL binds work.

AD (or maybe its DIGEST-MD5 implementation) seems to be picky about PTR
records, so you'll want to make sure you can do a 'dig -x <ip address>'
against the AD server.

This works for me:

    ldapwhoami -Y DIGEST-MD5 -U jsmith -H ldap://ad.example.com
    SASL/DIGEST-MD5 authentication started
    Please enter your password:
    SASL username: jsmith
    SASL SSF: 128
    SASL data security layer installed.
    ldap_parse_result: Protocol error (2)
    additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown
    extended request OID, data 0, vece
    Result: Protocol error (2)
    Additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown
    extended request OID, data 0, vece

Which represents a successful authentication. I guess AD doesn't support
the LDAPWHOAMI exop (Windows Server 2003).

--
Dan White
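
Added example (not part of Dan White's message): a shell function that reads captured ldapwhoami output and separates a rejected bind from the case shown above, where the bind completes and only the Who am I? extended operation is refused. The function names and the bad-password sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify captured `ldapwhoami` output (stdin) as
#   bind-failed | bind-ok-exop-unsupported | bind-ok | unknown

classify_whoami() {
    out=$(cat)
    # Mail clients and terminals wrap long diagnostics; flatten before matching.
    flat=$(printf '%s' "$out" | tr '\n' ' ')
    # A rejected bind is reported by the bind call itself (ldap_bind,
    # ldap_sasl_interactive_bind_s, ...); no extended request is sent after it.
    if printf '%s\n' "$out" | grep -Eq '^ldap_[a-z_]*bind[a-z_]*:'; then
        echo bind-failed
        return 0
    fi
    case $flat in
        *"ldap_parse_result: Protocol error (2)"*"Unknown extended request OID"*)
            # The error belongs to the exop issued after the bind completed.
            echo bind-ok-exop-unsupported ;;
        *)
            # Servers that implement the exop answer with an authzId line.
            if printf '%s\n' "$out" | grep -Eq '^(dn:|u:|anonymous$)'; then
                echo bind-ok
            else
                echo unknown
            fi ;;
    esac
}

# Output as posted in the message above (Windows Server 2003 AD).
sample_ad_2003() {
    cat <<'EOF'
SASL/DIGEST-MD5 authentication started
SASL username: jsmith
SASL SSF: 128
SASL data security layer installed.
ldap_parse_result: Protocol error (2)
additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown
extended request OID, data 0, vece
EOF
}

# Constructed sample: a rejected password (server diagnostic text omitted).
sample_bad_password() {
    cat <<'EOF'
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
EOF
}

sample_ad_2003 | classify_whoami
sample_bad_password | classify_whoami
```

To use it on a live check, pipe the combined output of the ldapwhoami command into classify_whoami (2>&1), since the diagnostics are written to stderr.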