On Wed, 12 Jun 2013 16:23:00 +0800, Ganesh Borse <[email protected]> wrote:
> Dear Friends
>
> I am new to OpenLDAP. We are migrating our application (integrated
> with webserver) from Windows to FreeBSD.
>
> However, this is adding a bit of a problem. Previously, I used
> Microsoft SSPI authentication loop mechanism to authenticate the
> users connecting from GUI client (launched from computers in MS
> active directory) to our application. AD authentication helped avoid
> maintaining separate passwords.
>
> Now, since we are moving to FreeBSD and web based interface, it is
> difficult to use the same SSPI mechanism and so, the users connecting
> to this application from web browser can be authenticated using the AD
> credentials.
>
> The function ldap_bind_s requires explicit password when connecting to
> directory server using a username other than logged in user.
>
> Also, pass-through authentication mechanism (14.5) outlined in
> OpenLDAP-Admin-Guide cannot be used as it is for slapd.
>
> Thus, can you please help me know, how can I authenticate a user
> configured in AD and connecting from web browser running on a
> computer in AD using openLDAP client on FreeBSD? I want to avoid
> maintaining or passing passwords on FreeBSD.

You may either direct your web application for authentication and
authorization to active directory, or use an ldap proxy to connect to
active directory. You may want to read man slapd-ldap(5) for further
information.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
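The LDAP proxy suggested in the reply, as an added example (not from the thread or from the OpenLDAP project): a slapd.conf fragment built from directives documented in slapd.conf(5) and slapd-ldap(5). The suffix, host name and file paths are placeholders chosen for illustration.

```conf
# --- global section -------------------------------------------------
# Load the proxy backend when slapd is built with dynamic modules.
moduleload      back_ldap

# Certificate and key the proxy presents to the web application
# (placeholder paths).
TLSCertificateFile      /usr/local/etc/openldap/proxy-cert.pem
TLSCertificateKeyFile   /usr/local/etc/openldap/proxy-key.pem

# Refuse simple binds that arrive over an unencrypted connection, so
# AD passwords never reach the proxy in clear text.
security        simple_bind=128

# Reject anonymous bind requests at the proxy.
disallow        bind_anon

# --- proxy database -------------------------------------------------
database        ldap

# Naming context served by the proxy; use the AD domain's base DN
# (placeholder).
suffix          "dc=example,dc=com"

# Domain controller to forward to, over LDAPS (placeholder host).
uri             "ldaps://ad.example.com"

# Validate the domain controller's certificate against the CA that
# issued it (placeholder path); "demand" fails the connection when
# the certificate does not verify.
tls             ldaps tls_cacert=/usr/local/etc/openldap/ad-ca.pem tls_reqcert=demand

# Do not follow referrals returned by AD to other servers.
chase-referrals no
```

With this in place the web application performs a simple bind against the proxy with the user's AD DN and password, and the proxy forwards that bind to AD. No passwords are stored on the FreeBSD host, but they do still pass through it.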
