On 16/09/10 18:26 +0530, Vinay Kalkoti wrote:
Hi,
Is it possible to use an OpenLDAP client to authenticate against Active Directory without using Samba or SUF?
Yes. I've seen both GSSAPI and DIGEST-MD5 SASL binds work.
AD (or maybe its DIGEST-MD5 implementation) seems to be picky about PTR records, so you'll want to make sure you can do a 'dig -x <ip address>' against the AD server.
This works for me:
ldapwhoami -Y DIGEST-MD5 -U jsmith -H ldap://ad.example.com
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: jsmith
SASL SSF: 128
SASL data security layer installed.
ldap_parse_result: Protocol error (2)
        additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece
Result: Protocol error (2)
Additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece
Which represents a successful authentication. I guess AD doesn't support the LDAPWHOAMI exop (Windows Server 2003).
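Added example, not part of the thread: a small POSIX sh script that automates the check described in the reply above. It confirms the AD host has a PTR record (AD's DIGEST-MD5 is picky about reverse DNS), runs the same ldapwhoami DIGEST-MD5 bind, and interprets the output, treating the "Unknown extended request OID" error that appears after "SASL data security layer installed" as a successful bind. The host name, user name and the wrong-password sample output are assumptions; the successful-bind sample is the output quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Automates the check in the reply above:
# confirm the AD host has a PTR record, run the DIGEST-MD5 bind with ldapwhoami,
# and decide whether the bind succeeded even though AD (Windows Server 2003)
# answers the Who Am I exop with "Unknown extended request OID".
# Host name and user are placeholders; the failed-bind sample is constructed.

# Output captured in the thread for a successful DIGEST-MD5 bind to AD.
SAMPLE_AD_OK='SASL/DIGEST-MD5 authentication started
SASL username: jsmith
SASL SSF: 128
SASL data security layer installed.
ldap_parse_result: Protocol error (2)
	additional info: 0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece'

# Constructed sample of a bind with a wrong password (assumption, not from the thread).
SAMPLE_BAD_PW='SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)'

# classify_sasl_bind: read ldapwhoami output on stdin, print a verdict on stdout.
# Returns 0 when the bind succeeded, 1 on bad credentials, 2 when unsure.
classify_sasl_bind() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'SASL data security layer installed'; then
        # The security layer is only installed once the SASL exchange completed,
        # so the bind itself worked; the exop error is a separate, later failure.
        if printf '%s\n' "$out" | grep -q 'Unknown extended request OID'; then
            echo 'bind ok (server lacks the Who Am I exop)'
            return 0
        fi
        if printf '%s\n' "$out" | grep -Eq '^(dn|u):'; then
            echo 'bind ok (Who Am I answered)'
            return 0
        fi
    fi
    if printf '%s\n' "$out" | grep -q 'Invalid credentials'; then
        echo 'bind failed: invalid credentials'
        return 1
    fi
    echo 'bind failed: unrecognised output'
    return 2
}

# check_ptr HOST: the 'dig -x' check from the thread. Returns 0 if the
# server's address has a PTR record, 1 otherwise (with a warning printed).
check_ptr() {
    ip=$(dig +short "$1" | head -n 1)
    [ -n "$ip" ] || { echo "no A record for $1"; return 1; }
    ptr=$(dig +short -x "$ip")
    [ -n "$ptr" ] || { echo "warning: no PTR record for $ip; AD DIGEST-MD5 may fail"; return 1; }
    echo "PTR for $ip: $ptr"
}

# run_ad_check HOST USER: the end-to-end check; ldapwhoami prompts for the password.
run_ad_check() {
    check_ptr "$1" || true
    ldapwhoami -Y DIGEST-MD5 -U "$2" -H "ldap://$1" 2>&1 | classify_sasl_bind
}

# Usage: sh ad-sasl-check.sh ad.example.com jsmith   (placeholder host and user)
if [ "$#" -eq 2 ]; then
    run_ad_check "$1" "$2"
fi
```

The same classifier applies to a GSSAPI bind (`-Y GSSAPI`, with a Kerberos ticket already obtained), since ldapwhoami prints the same "SASL data security layer installed" line before the exop is attempted; only the exit status of the pipeline changes, so scripts that key on ldapwhoami's own exit code alone would wrongly report the bind as failed against AD.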