[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can OpenLDAP client process on FreeBSD authenticate a web user with active directory



What I am looking for is somewhat similar to openldap proxy for AD.

What I did not understand is how a separate process running on the same computer request the slapd daemon to perform the authentication of various users?

Will the client process be connected to AD using ldap_bind_s and also communicate with slapd to pass user details to authenticate? 

Thanks,



On Thu, Jun 13, 2013 at 1:18 AM, Michael Ströder <michael@stroeder.com> wrote:
Ganesh Borse wrote:
> I am new to OpenLDAP. We are migrating our application (integrated with
> webserver) from Windows to FreeBSD.
>
> However, this is adding a bit of a problem. Previously, I used Microsoft
> SSPI authentication loop mechanism to authenticate the users connecting
> from GUI client (launched from computers in MS active directory) to our
> application. AD authentication helped avoid maintaining separate passwords.
>
> Now, since we are moving to FreeBSD and web based interface, it is
> difficult to use the same SSPI mechanism and so, the users connecting to
> this application from web browser can be authenticated using the AD
> credentials.

You should rather try to learn about WebSSO with SPNEGO/Kerberos. Personally I
have configured CAS with SPNEGO/Kerberos and LDAP fallback for password
checking for some customers. There might be other decent WebSSO
implementations with support for that.

But this is highly off-topic here. So don't follow up on OpenLDAP lists.

Ciao, Michael.