
Re: Configuring AD using OpenLDAP



On 17/09/2010 15:28, Dan White wrote:
> On 16/09/10 18:26 +0530, Vinay Kalkoti wrote:
>> Hi,
>>
>> Is it possible to use OpenLDAP client to authenticate against Active
>> Directory without using Samba or SUF ?
>
> Yes. I've seen both GSSAPI and DIGEST-MD5 SASL binds work.

You can also use plain authentication against AD:

ldapsearch -x -H ldap://ad.server/ -D "username@domain.ext" -W -b "dc=domain,dc=ext"

Yes, the -D option will take the userPrincipalName to bind with. This is a bit of a twist on LDAP authentication, and you can of course just use the plain DN instead, as you would on any other LDAP directory.

A random tip: if your AD forest has several domains in it, you'll want to look into querying a "Global Catalogue". These use port 3268 just like the standard LDAP port, but include data from all domains in the forest.

Hope this helps,
Jonathan
--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone:  +33 (0)1 83 62 26 96
------------------------------------------
Web:        http://www.normation.com/
==========================================
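
The simple bind and Global Catalogue query described in the message above, as an added example that is not part of the original post: `-x` over plain `ldap://` sends the bind password unprotected, so this sketch builds the same `ldapsearch` command with StartTLS (`-ZZ`) or LDAPS. Assumptions not in the post: the host and user names are constructed, the UPN suffix is taken to equal the AD DNS domain, and the TLS ports 636 and 3269 are the standard AD LDAPS and Global Catalogue-over-TLS ports.

```shell
#!/bin/sh
# Added example (not from the original post): build ldapsearch command lines
# for a UPN simple bind to AD with transport protection. Nothing is executed
# against a server; the functions only print the command to run.

# upn_to_base_dn user@corp.example.com -> dc=corp,dc=example,dc=com
# Assumption: the UPN suffix matches the domain's DNS name.
upn_to_base_dn() {
    domain=${1#*@}
    [ "$domain" != "$1" ] && [ -n "$domain" ] || return 1   # not a UPN
    printf 'dc=%s\n' "$(printf '%s' "$domain" | sed 's/\./,dc=/g')"
}

# ad_ldap_uri HOST SCOPE TLS
#   SCOPE: domain (one domain) | forest (Global Catalogue)
#   TLS:   starttls (upgrade on the LDAP port) | ldaps (TLS from the start)
ad_ldap_uri() {
    case "$2:$3" in
        domain:starttls) printf 'ldap://%s:389/\n'   "$1" ;;
        forest:starttls) printf 'ldap://%s:3268/\n'  "$1" ;;
        domain:ldaps)    printf 'ldaps://%s:636/\n'  "$1" ;;
        forest:ldaps)    printf 'ldaps://%s:3269/\n' "$1" ;;
        *) return 1 ;;                                # unknown scope or mode
    esac
}

# ad_search_cmd UPN HOST SCOPE TLS FILTER
# The base DN stays the bind user's domain; widen it for other domains.
ad_search_cmd() {
    base=$(upn_to_base_dn "$1") || return 1
    uri=$(ad_ldap_uri "$2" "$3" "$4") || return 1
    tlsflag=''
    if [ "$4" = starttls ]; then
        tlsflag=' -ZZ'        # -ZZ: StartTLS must succeed or the bind is aborted
    fi
    printf 'ldapsearch -x%s -H %s -D "%s" -W -b "%s" "%s"\n' \
        "$tlsflag" "$uri" "$1" "$base" "$5"
}

# Constructed sample values.
ad_search_cmd 'jdoe@corp.example.com' dc1.corp.example.com domain starttls '(sAMAccountName=jdoe)'
ad_search_cmd 'jdoe@corp.example.com' dc1.corp.example.com forest ldaps '(sAMAccountName=jdoe)'
```
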