What I am looking for is somewhat similar to openldap proxy for AD. What I did not understand is how a separate process running on the same computer request the slapd daemon to perform the authentication of various users?
Will the client process be connected to AD using ldap_bind_s and also communicate with slapd to pass user details to authenticate? Thanks, On Thu, Jun 13, 2013 at 1:18 AM, Michael Ströder <[email protected]>wrote: > Ganesh Borse wrote: > > I am new to OpenLDAP. We are migrating our application (integrated with > > webserver) from Windows to FreeBSD. > > > > However, this is adding a bit of a problem. Previously, I used Microsoft > > SSPI authentication loop mechanism to authenticate the users connecting > > from GUI client (launched from computers in MS active directory) to our > > application. AD authentication helped avoid maintaining separate > passwords. > > > > Now, since we are moving to FreeBSD and web based interface, it is > > difficult to use the same SSPI mechanism and so, the users connecting to > > this application from web browser can be authenticated using the AD > > credentials. > > You should rather try to learn about WebSSO with SPNEGO/Kerberos. > Personally I > have configured CAS with SPNEGO/Kerberos and LDAP fallback for password > checking for some customers. There might be other decent WebSSO > implementations with support for that. > > But this is highly off-topic here. So don't follow up on OpenLDAP lists. > > Ciao, Michael. > >
