Hi Dieter Thanks for this quick guidance.
Yes, I will try to use ldap proxy, I think which will be nothing but slapd-ldap. Is there any way to integrate this proxy in my application process (a C++ process)? This is because depending on success or failure of this authentication process our application need to allow the user to perform the actions over web connection. Thanks, - ganesh On Wed, Jun 12, 2013 at 4:57 PM, Dieter Klünter <[email protected]> wrote: > Am Wed, 12 Jun 2013 16:23:00 +0800 > schrieb Ganesh Borse <[email protected]>: > > > Dear Friends > > > > I am new to OpenLDAP. We are migrating our application (integrated > > with webserver) from Windows to FreeBSD. > > > > However, this is adding a bit of a problem. Previously, I used > > Microsoft SSPI authentication loop mechanism to authenticate the > > users connecting from GUI client (launched from computers in MS > > active directory) to our application. AD authentication helped avoid > > maintaining separate passwords. > > > > Now, since we are moving to FreeBSD and web based interface, it is > > difficult to use the same SSPI mechanism and so, the users connecting > > to this application from web browser can be authenticated using the AD > > credentials. > > > > The function ldap_bind_s requires explicit password when connecting to > > directory server using a username other than logged in user. > > > > Also, pass-through authentication mechanism (14.5) outlined in > > OpenLDAP-Admin-Guide cannot be used as it is for slapd. > > > > Thus, can you please help me know, how can I authenticate a user > > configured in AD and connecting from web browser running on a > > computer in AD using openLDAP client on FreeBSD? I want to avoid > > maintaining or passing passwords on FreeBSD. > > You may either direct you web application for authentication and > authorization to active directory, or uns a ldap proxy to connect to > active directory. You may want to read man slapd-ldap(5) for further > information. > > -Dieter > -- > Dieter Klünter | Systemberatung > http://dkluenter.de > GPG Key ID:DA147B05 > 53°37'09,95"N > 10°08'02,42"E > >
