But if using it, you must query directly to AD server from apps instead of querying to OpenLDAP. In my security context, it is forbidden.
-----Original Message----- From: openldap-technical-bounces+duongpt3=fpt.com.vn@OpenLDAP.org [mailto:openldap-technical-bounces+duongpt3=fpt.com.vn@OpenLDAP.org] On Behalf Of Peter Gordon Sent: 13 tháng hai 2009 5:05 CH To: Duong Pham Tung Cc: openldap-technical@openldap.org Subject: Re: Can OpenLDAP get password from AD
How about using ldapsearch with binddn and bindpw set with the user credentials and do a search for that user.
If an incorrect password is supplied, you won't/shouldn't get a valid reply.
Peter
On Fri, 2009-02-13 at 16:54 +0700, Duong Pham Tung wrote:
Hi,
I am building a solution for web-based application authentication using OpenLDAP as a backend data source. But, in my case, OpenLDAP acts as a proxy and all user information are stored on AD servers. I can get some field from AD to OpenLDAP, but it is not enough for my apps to authentication user because OpenLDAP can’t get password field from ADs. So, can OpenLDAP have other solutions to solve my problem?
Thanks and Best regards,
Ph?m Tùng Duong