RE: Confused about LDAP authentication with Active Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Davide Bianchi [mailto:davide@xxxxxxxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: Thursday, February 26, 2009 6:51 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Confused about LDAP authentication with Active Directory
>
> Ed Avis wrote:
> > <http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html> imply that
> > Apache connects to the LDAP server using a fixed username and
> > password, and then merely queries the existence of an object in the
> > directory that matches the username. If so how does it check the
> > password supplied by the user?
> 
> The problem is that in order to check the password, you need to 'bind'
> to the AD server using the correct DN, in order to find the DN you need
> to query the AD server with the username. But AD doesn't allow you to
> query it without first binding.
> 
> So you need to bind in order to query, but you need to query to bind. Is
> a sort-of catch-22 situation. Hence the need for a fixed
> username/password to do the first query.
> 
> Davide

While this is true for 100% compliant LDAP servers, MS has "embraced and extended" 
what ActiveDirectory will accept for the user's DN... by "allowing" a Windows NT 
style login in the place of the DN.
The Windows NT style login is in this format:
	Domain\username
Where Domain is the ActiveDirectory Domain, and the username is the ActiveDirectory
samAccountName.

-tony

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux