auth against active directory?

Andrew Morgan morgan at
Sat Dec 3 21:57:12 EST 2005

On Sat, 3 Dec 2005, Bill Kearney wrote:

> Heh, 'easy enough' and LDAP rarely seem to be found together.  Throw in SASL
> and it /really/ goes downhill.
> I figure it should be easy but given that I've never actually made a
> 'generic' LDAP connection to an active directory I'm not entirely sure where
> to start.  And given the amount of time that fiddling with SASL is
> known to absorb, I'm doubly cautious.

I use cyrus-imapd -> saslauthd -> pam_ldap -> iPlanet Directory Server.

At our site, we create Unix accounts by creating LDAP entries in the 
iPlanet Directory Server, then we create matching, synchronized accounts 
in AD for Windows.  To the end users, it appears as one account.

I don't authenticate against AD for Cyrus, but I'm fairly familiar with 
using LDAP to talk to AD.  Do you have any specific questions?  I know of 
no reason it wouldn't work using pam_ldap as above.
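
An added configuration sketch (not part of the original message, and not the poster's own setup) of the cyrus-imapd -> saslauthd -> pam_ldap chain described above, with Active Directory as the LDAP backend. The host name, DNs, password and CA path are placeholders, and the file locations are common defaults that vary by distribution.

```conf
# --- /etc/imapd.conf (Cyrus IMAP) ---
# saslauthd only sees plaintext passwords, so offer PLAIN/LOGIN only,
# and refuse them unless the IMAP session is already inside TLS.
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no

# --- saslauthd: run with the PAM backend ---
#   saslauthd -a pam

# --- /etc/pam.d/imap ("imap" is the PAM service name Cyrus imapd passes) ---
auth     required  pam_ldap.so
account  required  pam_ldap.so

# --- /etc/ldap.conf (read by pam_ldap) ---
# Placeholder domain controller; StartTLS with certificate checking so the
# user's password is not sent to the directory in the clear.
uri ldap://dc1.example.com/
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem

# AD does not allow anonymous searches by default, so pam_ldap needs a bind
# account to look up the user's DN. Use a dedicated account with read-only
# access, and keep this file readable by root only (placeholder values).
base dc=example,dc=com
binddn cn=imap-lookup,cn=Users,dc=example,dc=com
bindpw CHANGE_ME
scope sub

# Match the login name against AD's account-name attribute and restrict
# the search to user objects.
pam_login_attribute sAMAccountName
pam_filter objectClass=user
```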


