Re: Issues while integrating with Microsoft Active Directory

From: Dan White (no email)
Date: Sun May 02 2010 - 14:12:55 EDT

On 02/05/10 14:34 +0200, Michael Ströder wrote:
>Dan White wrote:
>> ldap_servers: ldap://
>> ldap_use_sasl: yes
>> ldap_mech: DIGEST-MD5
>> Assuming you can figure out how to do an LDAP SASL bind against Active
>> Directory, which I haven't been able to do with a non-GSSAPI SASL mech.
>It's definitely possible to do LDAP SASL bind with DIGEST-MD5 with MS AD. But
>my own tests showed that for some reason you have to
>1. use the host name instead of an IP address and
>2. make sure that there are correct PTR RRs in DNS for your MS AD DC.

Yes, that works for me. If I use our internal DNS server, which resides on
the Active Directory host, then I can bind and authenticate.

Using either the hostname or the IP in the ldap_servers line works for me,
probably because we have both A and PTR records configured.

Dan White
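The two conditions quoted above (address the DC by host name, and have A and PTR records that agree) are easy to get wrong silently, because a failed DIGEST-MD5 bind against AD usually just reports invalid credentials. The script below is an added example and not code from this thread or from Cyrus SASL: it pre-flights the host named in an ldap_servers entry before attempting the bind. The DNS lookups go through an injectable resolver so the check can be exercised offline against constructed records; the host names, addresses and the "constructed_resolver" helper are made up for the example, and the actual bind uses python-ldap's ldap.sasl.digest_md5 class, imported only when a bind is requested.

```python
"""Pre-flight check for a DIGEST-MD5 SASL bind against an AD domain controller.

Added example (not from the original post). It encodes the two conditions
given in the thread: use the DC's host name rather than its IP address, and
make sure the A and PTR records for the DC agree.
"""
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional
from urllib.parse import urlparse


@dataclass
class Resolver:
    forward: Callable[[str], str]  # hostname -> IPv4 address, raises OSError if absent
    reverse: Callable[[str], str]  # IPv4 address -> canonical hostname, raises OSError if absent


def system_resolver() -> Resolver:
    """Real lookups through the OS resolver (what you would use in production)."""
    return Resolver(
        forward=socket.gethostbyname,
        reverse=lambda ip: socket.gethostbyaddr(ip)[0],
    )


# Constructed records for offline use; these hosts and addresses are invented.
CONSTRUCTED_A = {
    "dc1.example.com": "192.0.2.10",  # A and PTR agree
    "dc2.example.com": "192.0.2.11",  # no PTR at all
    "dc3.example.com": "192.0.2.12",  # PTR points at a different name
}
CONSTRUCTED_PTR = {
    "192.0.2.10": "dc1.example.com",
    "192.0.2.12": "other.example.com",
}


def constructed_resolver() -> Resolver:
    def fwd(host: str) -> str:
        try:
            return CONSTRUCTED_A[host.lower().rstrip(".")]
        except KeyError:
            raise socket.gaierror(f"no A record for {host}")

    def rev(ip: str) -> str:
        try:
            return CONSTRUCTED_PTR[ip]
        except KeyError:
            raise socket.herror(f"no PTR record for {ip}")

    return Resolver(forward=fwd, reverse=rev)


def _is_ipv4_literal(host: str) -> bool:
    try:
        socket.inet_aton(host)
    except OSError:
        return False
    return host.count(".") == 3  # inet_aton also accepts short forms like "1"


def check_dc_name(uri: str, resolver: Resolver) -> List[str]:
    """Return the list of problems with an ldap_servers entry; empty means go ahead."""
    host = urlparse(uri).hostname
    if not host:
        return [f"ldap_servers entry has no host part: {uri!r}"]
    if _is_ipv4_literal(host):
        problems = [f"use the DC host name, not the IP address {host}"]
        try:
            resolver.reverse(host)
        except OSError:
            problems.append(f"no PTR record for {host}")
        return problems
    try:
        ip = resolver.forward(host)
    except OSError:
        return [f"no A record for {host}"]
    try:
        rname = resolver.reverse(ip)
    except OSError:
        return [f"no PTR record for {ip} ({host})"]
    if rname.lower().rstrip(".") != host.lower().rstrip("."):
        return [f"PTR for {ip} is {rname}, expected {host}"]
    return []


def digest_md5_bind(uri: str, authc_id: str, password: str,
                    resolver: Optional[Resolver] = None) -> str:
    """Run the pre-flight check, then bind with DIGEST-MD5 and return the whoami result."""
    problems = check_dc_name(uri, resolver or system_resolver())
    if problems:
        raise RuntimeError("; ".join(problems))
    import ldap  # python-ldap; imported lazily so the DNS check needs no LDAP library
    import ldap.sasl
    conn = ldap.initialize(uri)
    conn.sasl_interactive_bind_s("", ldap.sasl.digest_md5(authc_id, password))
    return conn.whoami_s()


if __name__ == "__main__":
    r = constructed_resolver()
    for entry in ("ldap://dc1.example.com", "ldap://192.0.2.10", "ldap://dc2.example.com"):
        print(entry, "->", check_dc_name(entry, r) or "ok")
```

With the real resolver, a clean result from check_dc_name corresponds to the saslauthd.conf settings quoted in the thread (ldap_servers: ldap://<dc hostname>, ldap_use_sasl: yes, ldap_mech: DIGEST-MD5) pointing at a DC whose forward and reverse records match; it does not by itself prove the bind will succeed, only that the two DNS preconditions from the thread are met.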

