On 17/09/2010 15:28, Dan White wrote:
On 16/09/10 18:26 +0530, Vinay Kalkoti wrote:
Hi,
Is it possible to use OpenLDAP client to authenticate against Active Directory without using Samba or SUF?
Yes. I've seen both GSSAPI and DIGEST-MD5 SASL binds work.
You can also use plain authentication against AD:
ldapsearch -x -H ldap://ad.server/ -D "username@domain.ext" -W -b "dc=domain,dc=ext"
Yes, the -D option will take the userPrincipalName to bind with. This is a bit of a twist on LDAP authentication, and you can of course just use the plain DN instead, as you would on any other LDAP directory.
A random tip: if your AD forest has several domains in it, you'll want to look into querying a "Global Catalogue". These use port 3268 just as the standard LDAP port, but include data from all domains in the forest.
Hope this helps, Jonathan
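
The simple bind from the thread as an added example (not code from any of the posters): a shell helper that derives the search base from the userPrincipalName, selects the standard LDAP port or the Global Catalogue port 3268, and adds -ZZ so the bind password is only sent after StartTLS succeeds. It assumes the UPN suffix equals the AD DNS domain name and that the domain controller has a TLS certificate; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: builds (does not run) an ldapsearch command line for a
# simple bind to AD with a userPrincipalName, as in the thread above.
# Function names are hypothetical; host and UPN values are constructed.

# upn_to_base_dn user@domain.ext  ->  dc=domain,dc=ext
# Assumption: the UPN suffix equals the AD domain's DNS name.
upn_to_base_dn() {
    case "$1" in
        ?*@?*.?*) ;;
        *) echo "not a UPN: $1" >&2; return 1 ;;
    esac
    suffix=${1#*@}
    # Only DNS characters may reach the DN, so the suffix cannot smuggle
    # extra RDNs (",", "=") or a second "@" into the search base.
    case "$suffix" in
        *[!A-Za-z0-9.-]*) echo "bad UPN suffix: $suffix" >&2; return 1 ;;
    esac
    printf 'dc=%s\n' "$(printf '%s' "$suffix" | sed 's/\./,dc=/g')"
}

# ad_ldapsearch_cmd HOST UPN [domain|gc]
#   domain -> port 389 (one domain), gc -> port 3268 (Global Catalogue)
# -x  simple bind, -D the UPN as bind identity, -W prompt for the password,
# -ZZ require StartTLS to succeed before the password is sent.
ad_ldapsearch_cmd() {
    host=$1
    upn=$2
    scope=${3:-domain}
    base=$(upn_to_base_dn "$upn") || return 1
    case "$scope" in
        domain) port=389 ;;
        gc)     port=3268 ;;
        *) echo "scope must be 'domain' or 'gc'" >&2; return 1 ;;
    esac
    printf 'ldapsearch -x -ZZ -H ldap://%s:%s/ -D "%s" -W -b "%s"\n' \
        "$host" "$port" "$upn" "$base"
}

# Constructed sample values taken from the command quoted in the thread.
ad_ldapsearch_cmd ad.server 'username@domain.ext' gc
```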