Hi Dieter
Thanks for this quick guidance.
Yes, I will try to use an ldap proxy, which I think will be nothing but slapd-ldap.
Is there any way to integrate this proxy in my application process (a C++ process)? This is because depending on success or failure of this authentication process our application needs to allow the user to perform the actions over web connection.
Thanks, - ganesh
On Wed, Jun 12, 2013 at 4:57 PM, Dieter Klünter dieter@dkluenter.de wrote:
On Wed, 12 Jun 2013 16:23:00 +0800, Ganesh Borse bganesh05@gmail.com wrote:
Dear Friends
I am new to OpenLDAP. We are migrating our application (integrated with webserver) from Windows to FreeBSD.
However, this is adding a bit of a problem. Previously, I used the Microsoft SSPI authentication loop mechanism to authenticate the users connecting from the GUI client (launched from computers in MS Active Directory) to our application. AD authentication helped avoid maintaining separate passwords.
Now, since we are moving to FreeBSD and a web-based interface, it is difficult to use the same SSPI mechanism and so, the users connecting to this application from web browser can be authenticated using the AD credentials.
The function ldap_bind_s requires explicit password when connecting to directory server using a username other than logged in user.
Also, pass-through authentication mechanism (14.5) outlined in OpenLDAP-Admin-Guide cannot be used as it is for slapd.
Thus, can you please help me know, how can I authenticate a user configured in AD and connecting from web browser running on a computer in AD using OpenLDAP client on FreeBSD? I want to avoid maintaining or passing passwords on FreeBSD.
You may either direct your web application for authentication and authorization to active directory, or use an ldap proxy to connect to active directory. You may want to read man slapd-ldap(5) for further information.
-Dieter
Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E
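
The LDAP proxy suggested in the reply above, sketched as a slapd.conf fragment. This is an added example, not configuration posted in the thread; the host name, suffix and CA file path are placeholders, and the directives are those documented in slapd-ldap(5) and slapd.conf(5).

```conf
# slapd.conf fragment for a back-ldap proxy in front of Active Directory.
# Constructed example: host name, suffix and CA file path are placeholders.

database        ldap
suffix          "dc=example,dc=com"

# Upstream AD domain controller, reached over LDAPS so that the bind
# credentials the proxy forwards are never sent in clear text.
uri             "ldaps://dc1.example.com/"

# Require and verify the domain controller's certificate against the AD CA.
tls             ldaps tls_cacert=/usr/local/etc/openldap/ad-ca.pem tls_reqcert=demand

# Do not follow referrals returned by AD to servers that were not vetted here.
chase-referrals no

# The proxy is used for authentication and lookups only, never for writes.
readonly        on
```

slapd with this database runs as its own daemon: the C++ application binds to it with the OpenLDAP client library, and the bind is relayed to Active Directory, so the user's password still travels from the application to the proxy and on to AD.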