On 24/06/11 13:58 +0800, Jintao Fang wrote:
I am trying to develop an LDAP client with openldap and cyrus-sasl; there is
one feature that a user can directly sign in to the LDAP server if he is in a
domain.

Has anyone used openldap like this?

Thanks a lot.

If your goal is to simply authenticate a user against an active directory
via ldap, one of these approaches should work (or by using similar
parameters via code):

ldapsearch -Y digest-md5 -U jsmith -H ldap://192.168.1.1 <filter>

kinit [email protected]
ldapsearch -Y gssapi -H ldap://192.168.1.1 <filter>

The following will also work with saslauthd (/etc/saslauthd.conf):

ldap_servers: ldap://192.168.1.1
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

If that doesn't address your question, please provide additional details,
such as a deployment scenario.

--
Dan White
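
What a client has to compute for the "-Y digest-md5" bind mentioned above, as an added example that is not part of the original thread or of OpenLDAP/Cyrus SASL: the RFC 2831 response for qop=auth, checked against the worked example in RFC 2831 section 4. The function names are this example's own; the jsmith realm, password and nonces are constructed.

```python
"""DIGEST-MD5 (RFC 2831) response computation for qop=auth (added example)."""
import hashlib


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def _digest(user, realm, password, nonce, cnonce, nc, digest_uri, a2_prefix):
    # A1 = raw 16-byte MD5(user:realm:password) followed by ":nonce:cnonce".
    # Strings are encoded as UTF-8 (assumes charset=utf-8 was negotiated).
    secret = _md5(f"{user}:{realm}:{password}".encode("utf-8"))
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    # A2 binds the digest to the service being contacted (digest-uri).
    a2 = f"{a2_prefix}:{digest_uri}".encode("utf-8")
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return hashlib.md5(kd.encode("utf-8")).hexdigest()


def client_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """Value the client sends as response= after the server's challenge."""
    return _digest(user, realm, password, nonce, cnonce, nc, digest_uri,
                   "AUTHENTICATE")


def server_rspauth(user, realm, password, nonce, cnonce, nc, digest_uri):
    """Value the server sends back as rspauth= (A2 has an empty prefix)."""
    return _digest(user, realm, password, nonce, cnonce, nc, digest_uri, "")


# Parameters of the worked example in RFC 2831 section 4.
RFC2831_EXAMPLE = dict(
    user="chris", realm="elwood.innosoft.com", password="secret",
    nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk", nc="00000001",
    digest_uri="imap/elwood.innosoft.com",
)

# Constructed values shaped like the ldapsearch call in the reply above;
# an LDAP bind uses a digest-uri of the form "ldap/<host>".
LDAP_SAMPLE = dict(
    user="jsmith", realm="example.test", password="constructed-password",
    nonce="constructed-server-nonce", cnonce="constructed-client-nonce",
    nc="00000001", digest_uri="ldap/192.168.1.1",
)

if __name__ == "__main__":
    print("RFC 2831 response:", client_response(**RFC2831_EXAMPLE))
    print("RFC 2831 rspauth: ", server_rspauth(**RFC2831_EXAMPLE))
    print("LDAP sample:      ", client_response(**LDAP_SAMPLE))
```

The password never crosses the wire, but the server must hold it (or the user:realm:password hash) to verify the response, and the fresh server nonce is what stops a captured response from being replayed. RFC 6331 has since moved DIGEST-MD5 to Historic, which favours the GSSAPI form where Kerberos is available.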
