Issues while integrating with Microsoft Active Directory
michael at stroeder.com
Sun May 2 08:34:42 EDT 2010
Dan White wrote:
> ldap_servers: ldap://192.168.2.1/
> ldap_use_sasl: yes
> ldap_mech: DIGEST-MD5
> Assuming you can figure out how to do an LDAP sasl bind against Active
> Directory, which I haven't been able to do with a non GSSAPI sasl mech.
It's definitely possible to do LDAP SASL bind with DIGEST-MD5 with MS AD. But
my own tests showed that for some reason you have to
1. use the host name instead of an IP address and
2. make sure that there are correct PTR RRs in DNS for your MS AD DC.
More information about the Cyrus-sasl