What I am looking for is somewhat similar to openldap proxy for AD.
What I did not understand is how a separate process running on the same computer request the slapd daemon to perform the authentication of various users?
Will the client process be connected to AD using ldap_bind_s and also communicate with slapd to pass user details to authenticate?
Thanks,
On Thu, Jun 13, 2013 at 1:18 AM, Michael Ströder michael@stroeder.comwrote:
Ganesh Borse wrote:
I am new to OpenLDAP. We are migrating our application (integrated with webserver) from Windows to FreeBSD.
However, this is adding a bit of a problem. Previously, I used Microsoft SSPI authentication loop mechanism to authenticate the users connecting from GUI client (launched from computers in MS active directory) to our application. AD authentication helped avoid maintaining separate
passwords.
Now, since we are moving to FreeBSD and web based interface, it is difficult to use the same SSPI mechanism and so, the users connecting to this application from web browser can be authenticated using the AD credentials.
You should rather try to learn about WebSSO with SPNEGO/Kerberos. Personally I have configured CAS with SPNEGO/Kerberos and LDAP fallback for password checking for some customers. There might be other decent WebSSO implementations with support for that.
But this is highly off-topic here. So don't follow up on OpenLDAP lists.
Ciao, Michael.