Yes. My client system is connected to the domain. I was able to obtain a valid ticket from the AD system. The kinit command ran ok.

kinit user1@TEST.COM

I even ran gssclient and it ran ok with no error.

gssclient -port 389 MPSD-EB01T3 LDAP/MPSD-EB01T3.TEST.COM hello

The DN of my AD should be TEST.COM

So what else do I need to do on the client system to use OpenLDAP client tools with -Y GSSAPI option? Is there a ldap.conf configuration for windows openldap client tools?

Thanks,
Tony

> Date: Thu, 30 Jun 2011 16:17:44 +0100
> From: andrew.findlay@skills-1st.co.uk
> To: nhan_yen@hotmail.com
> CC: openldap-technical@openldap.org
> Subject: Re: How to configure OpenLdap Client to work with Windows Active Directory
>
> On Wed, Jun 29, 2011 at 05:41:26PM -0700, yen nguyen wrote:
>
> > Can ldapsearch work with Windows AD via GSSAPI? Is there any special setting/
> > software I need to do on the client side?
>
> GSSAPI is normally a carrier for Kerberos tickets, so for this
> to work you will need to obtain a valid ticket for the AD
> service. This will involve connecting your client system to the
> Kerberos domain managed by the AD system.
>
> > On my Client system, I have Windows openldap client tools (ldapsearch ....etc).
> > My Server system has Windows AD running.
> >
> > I was able to use Simple Authentication and it worked.
> > ldapsearch.exe -H ldap://MPSD-EB01T3/ -b "dc=test,dc=com" -x
>
> Without the -D and -w (or -W) options, this is just anonymous
> (un-authenticated) access.
>
> You can certainly use the OpenLDAP client tools with AD using
> simple authentication. The main problem is to find out what the DN of
> your AD account actually is.
>
> Andrew
> --
> -----------------------------------------------------------------------
> | From Andrew Findlay, Skills 1st Ltd                                 |
> | Consultant in large-scale systems, networks, and directory services |
> | http://www.skills-1st.co.uk/                +44 1628 782565         |
> -----------------------------------------------------------------------