Dear Friends

I am new to OpenLDAP. We are migrating our application (integrated with webserver) from Windows to FreeBSD.

However, this is adding a bit of a problem. Previously, I used Microsoft SSPI authentication loop mechanism to authenticate the users connecting from GUI client (launched from computers in MS active directory) to our application. AD authentication helped avoid maintaining separate passwords.

Now, since we are moving to FreeBSD and web based interface, it is difficult to use the same SSPI mechanism and so, the users connecting to this application from web browser can be authenticated using the AD credentials.

The function ldap_bind_s requires explicit password when connecting to directory server using a username other than logged in user.

Also, pass-through authentication mechanism (14.5) outlined in OpenLDAP-Admin-Guide cannot be used as it is for slapd.

Thus, can you please help me know, how can I authenticate a user configured in AD and connecting from web browser running on a computer in AD using openLDAP client on FreeBSD? I want to avoid maintaining or passing passwords on FreeBSD.

Many thanks in advance for your time and help.

Thanks and Regards,
- ganesh