Howard Chu wrote:
> radiatejava wrote:
>> I am trying to do OpenLDAP integration with Microsoft AD/LDAP. For some initial troubleshooting purposes, I am looking to use the ldapsearch command with SASL bind (DIGEST-MD5).
>> Can anyone give me the exact syntax for how to use the ldapsearch command with SASL bind for Active Directory? Appreciate your help. I have been trying out what's there over the web but no luck yet.
> I seem to recall that MSAD only supports SASL/GSSAPI.
Not true. I used DIGEST-MD5 in a customer project a lot. In really old MS AD (2000?) you had to turn on a specific option in the user entry to make it work. But that's ancient history.
@radiatejava: Test with command-line option "-Y DIGEST-MD5".
Beware that there's a bug with non-ASCII chars in the user name. The MS AD versions I've tested always assumed the user name to be in ISO-8859-1 although sniffing the SASL traffic read like UTF-8 charset option. Maybe this also depended on the localization version.
Ciao, Michael.
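The charset issue mentioned above can be checked offline. This added example (not part of the original thread) computes the DIGEST-MD5 client response as defined in RFC 2831 with the credentials hashed as ISO-8859-1 and as UTF-8, to show when the two sides must agree on the encoding; the user names, realm, password and challenge values are constructed.

```python
import hashlib

def _h(data: bytes) -> bytes:
    """Raw 16-byte MD5, the H() of RFC 2831."""
    return hashlib.md5(data).digest()

def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, encoding, nc="00000001", qop="auth"):
    """Client response value (RFC 2831 section 2.1.2.1, no authzid),
    with username/realm/password hashed in the given charset."""
    secret = _h(":".join([username, realm, password]).encode(encoding))
    a1 = secret + f":{nonce}:{cnonce}".encode("ascii")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("ascii")
    kd = ":".join([_h(a1).hex(), nonce, nc, cnonce, qop, _h(a2).hex()])
    return hashlib.md5(kd.encode("ascii")).hexdigest()

def charset_sensitive(username, realm, password, **challenge):
    """True when ISO-8859-1 and UTF-8 hashing give different responses,
    i.e. the bind only succeeds if both sides pick the same charset."""
    latin1 = digest_md5_response(username, realm, password,
                                 encoding="iso-8859-1", **challenge)
    utf8 = digest_md5_response(username, realm, password,
                               encoding="utf-8", **challenge)
    return latin1 != utf8

# Constructed sample challenge values (not captured from a real server).
SAMPLE = dict(nonce="c29tZS1ub25jZQ==", cnonce="Y2xpZW50LW5vbmNl",
              digest_uri="ldap/dc1.example.test")

if __name__ == "__main__":
    for user in ("jsmith", "jürgen"):  # constructed user names
        differs = charset_sensitive(user, "example.test",
                                    "constructed-pw", **SAMPLE)
        print(f"{user}: response depends on charset = {differs}")
```

An ASCII-only user name produces the same response under both encodings, so a bind that fails only for names with non-ASCII characters points at a charset mismatch rather than a wrong password.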