Nick Milas wrote:
> On 24/6/2011 10:09 PM, Dan White wrote:
>> If that doesn't address your question, please provide additional details,
>> such as a deployment scenario.
>
> From what I understand, the scenario seems to be:
> 1. The (Windows) client is already authenticated against Windows
> Active Directory and logged in a domain.
> 2. We have somewhere an OpenLDAP Server running and we want to allow
> access to it to clients already authenticated/logged in the domain
> (i.e. without performing another authentication in OpenLDAP).
> How can we do it?

Use Kerberos. You will need to create a Kerberos service principal for the
OpenLDAP server in the AD domain. The LDAP clients can then use SASL/GSSAPI
with their Windows AD credentials to authenticate to slapd.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
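
Once a client binds with SASL/GSSAPI as described in the reply above, slapd identifies it by an authentication DN derived from its Kerberos principal, and that DN is usually mapped to a directory entry with an authz-regexp rule. The following is an added example, not part of the original thread and not OpenLDAP code: a small Python model of that mapping, showing why the rule should pin the realm. The realm EXAMPLE.COM, the second realm PARTNER.TEST and the ou=people,dc=example,dc=com layout are assumptions.

```python
import re

# Assumed for illustration: AD realm EXAMPLE.COM, user entries under
# ou=people,dc=example,dc=com. PARTNER.TEST stands for any other trusted realm.

def sasl_auth_dn(principal: str) -> str:
    """Authentication DN for a GSSAPI bind, in the form the OpenLDAP Admin
    Guide documents: uid=<primary>,cn=<realm>,cn=gssapi,cn=auth."""
    primary, sep, realm = principal.rpartition("@")
    if not sep or not primary or not realm:
        raise ValueError(f"not a full Kerberos principal: {principal!r}")
    return f"uid={primary},cn={realm.lower()},cn=gssapi,cn=auth"

# Models of authz-regexp rules as (match pattern, replacement).
# REALM_PINNED accepts only user principals from the local AD realm.
REALM_PINNED = (r"^uid=([^,/]+),cn=example\.com,cn=gssapi,cn=auth$",
                r"uid=\1,ou=people,dc=example,dc=com")
# REALM_BLIND ignores the realm component: the weak variant to avoid.
REALM_BLIND = (r"^uid=([^,/]+),cn=[^,]+,cn=gssapi,cn=auth$",
               r"uid=\1,ou=people,dc=example,dc=com")

def map_identity(auth_dn: str, rule):
    """Return the directory DN the rule maps auth_dn to, or None if no match."""
    pattern, replacement = rule
    m = re.match(pattern, auth_dn, re.IGNORECASE)
    return m.expand(replacement) if m else None

if __name__ == "__main__":
    # Constructed sample principals: local user, foreign-realm user, host.
    for p in ("alice@EXAMPLE.COM", "alice@PARTNER.TEST",
              "host/pc1.example.com@EXAMPLE.COM"):
        dn = sasl_auth_dn(p)
        print(p, "->", dn)
        print("   pinned:", map_identity(dn, REALM_PINNED))
        print("   blind: ", map_identity(dn, REALM_BLIND))
```

With the realm-blind rule, a same-named user from any other realm the KDC trusts lands on the local alice entry and inherits its ACLs; the pinned rule leaves that bind unmapped.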