Scott Battaglia wrote: > On Thu, Jul 24, 2008 at 1:24 PM, Michael Ströder <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Matthew Jones wrote: > > We already have OpenLDAP installed (although this is another > > area of non-expertise on my part - just don't ask why I've got > this job > > at all!) and it is set up to be suitable for use by the > > FastBindLdapAdaptor, i.e. authenticate by binding to LDAP using the > > users credentials. > > LDAP Fast bind is a proprietary feature of MS AD. It likely won't work > with OpenLDAP. > > We've used Fast Bind with Sun's LDAP server. Same name for different > things?
Maybe Sun implemented that too. I can't check at the moment. But it makes no sense with OpenLDAP. AFAIK in MS AD nested group membership is resolved when doing a normal simple bind and put into an attribute 'tokenGroups'. This is bad for performance, hence the "fast bind". Further reading: http://msdn.microsoft.com/en-us/library/aa367028.aspx Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
