auth against active directory?
morgan at orst.edu
Sat Dec 3 21:57:12 EST 2005
On Sat, 3 Dec 2005, Bill Kearney wrote:
> Heh, 'easy enough' and LDAP rarely seem to be found together. Throw in SASL
> and it /really/ goes downhill.
> I figure it should be easy but given that I've never actually made a
> 'generic' LDAP connection to an active directory I'm not entirely sure where
> to start. And given the potential for amount of time fiddling with sasl is
> known to absorb I'm doubly cautious.
I use cyrus-imapd -> saslauthd -> pam_ldap -> iplanet directory server.
At our site, we create unix accounts by creating ldap entries in the
iplanet directory server, then we create matching, synchronized accounts
in AD for Windows. To the end users, it appears as one account.
I don't authenticate against AD for cyrus, but I'm fairly familiar with
using LDAP to talk to AD. Do you have any specific questions? I know of
no reason it wouldn't work using pam_ldap as above.
More information about the Info-cyrus