[Date Prev][Date Next] [Chronological] [Thread] [Top]

Simple Bind w/TLS without SASL/Kerberos possible to AD?

To: openldap-technical@openldap.org
Subject: Simple Bind w/TLS without SASL/Kerberos possible to AD?
From: David Mitton <david@mitton.com>
Date: Thu, 07 Jul 2011 16:38:37 -0400
Content-disposition: inline
User-agent: Internet Messaging Program (IMP) H3 (4.1.4)

I am trying to use OpenLDAP from an embedded Linux system toauthenticate (PAM LDAP) against a Windows AD server. I must use TLSto secure this, but I would rather not use SASL or Kerberos if possible.

I have been able to mock this up on a Centos system without TLS, andthe PAM worked fine. When I turn on TLS, the Windows serverhandshakes the TLS but then has a problem with the first message. Iam also working that side.

I have walked through the handshake with s_client, and the connectionis happy.

I am now working with ldapsearch and trying things....

The first thing I notice is that it seems to try an SASL bind. Can Istop this?I'm not sure I have SASL actually installed on this system, and I'mnot sure I want it in my target.


Is this possible? from both the OpenLDAP client and/or Windows AD?

Ideas on the correct alphabet soup to try this with ldapsearch wouldbe appreciated.

Thanks.

Follow-Ups:
- Re: Simple Bind w/TLS without SASL/Kerberos possible to AD?
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>

Prev by Date: translucent proxy question
Next by Date: LDAP handle structural integrity function
Index(es):
- Chronological
- Thread