Ganesh Borse wrote:
> I am new to OpenLDAP. We are migrating our application (integrated with
> webserver) from Windows to FreeBSD.
>
> However, this is adding a bit of a problem. Previously, I used Microsoft
> SSPI authentication loop mechanism to authenticate the users connecting
> from GUI client (launched from computers in MS active directory) to our
> application. AD authentication helped avoid maintaining separate passwords.
>
> Now, since we are moving to FreeBSD and web based interface, it is
> difficult to use the same SSPI mechanism and so, the users connecting to
> this application from web browser can be authenticated using the AD
> credentials.
You should rather try to learn about WebSSO with SPNEGO/Kerberos. Personally I
have configured CAS with SPNEGO/Kerberos and LDAP fallback for password
checking for some customers. There might be other decent WebSSO
implementations with support for that.
But this is highly off-topic here. So don't follow up on OpenLDAP lists.
Ciao, Michael.