Re: Issues while integrating with Microsoft Active Directory

On 02/05/10 14:34 +0200, Michael Ströder wrote:
> Dan White wrote:
>> ldap_servers: ldap://192.168.2.1/
>> ldap_use_sasl: yes
>> ldap_mech: DIGEST-MD5
>>
>> Assuming you can figure out how to do an LDAP sasl bind against Active
>> Directory, which I haven't been able to do with a non GSSAPI sasl mech.
>
> It's definitely possible to do LDAP SASL bind with DIGEST-MD5 with MS AD. But
> my own tests showed that for some reason you have to
> 1. use the host name instead of an IP address and
> 2. make sure that there are correct PTR RRs in DNS for your MS AD DC.

Yes, that works for me. If I use our internal DNS server, which resides on
the Active Directory host, then I can bind and authenticate.

Using either the hostname or the IP in the ldap_servers line works for me,
probably because we have both A and PTR records configured.

--
Dan White
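
The A/PTR requirement discussed in this thread can be checked before touching the SASL settings. The following is an added example, not code from the thread or from Cyrus SASL: it reads the `ldap_servers` line and verifies that forward and reverse lookups for each host agree. It assumes `ldap_servers` is a space-separated list of LDAP URIs and IPv4 addressing; the function names are hypothetical, and the system resolver it calls may also consult `/etc/hosts`.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed sample: the saslauthd LDAP settings quoted in the thread.
SAMPLE_CONF = """\
ldap_servers: ldap://192.168.2.1/
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
"""

def parse_ldap_servers(conf_text):
    """Return the host of every URI on the ldap_servers line."""
    hosts = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "ldap_servers":
            hosts += [urlparse(uri).hostname for uri in value.split()]
    return hosts

def _norm(name):
    return name.lower().rstrip(".")

def check_dns(host, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return (ok, detail): do the A and PTR records for host agree?"""
    try:
        ipaddress.ip_address(host)
        name, addrs = None, [host]          # an IP address was configured
    except ValueError:
        name = host
        try:
            addrs = forward(host)[2]        # A records for the configured name
        except OSError as exc:
            return False, f"no A record for {host}: {exc}"
    for addr in addrs:
        try:
            ptr, aliases, _ = reverse(addr)
        except OSError as exc:
            return False, f"no PTR record for {addr}: {exc}"
        if name is not None and _norm(name) not in {_norm(n) for n in [ptr, *aliases]}:
            return False, f"PTR for {addr} is {ptr}, not {name}"
        try:
            back = forward(ptr)[2]          # forward-confirm the PTR name
        except OSError as exc:
            return False, f"PTR name {ptr} has no A record: {exc}"
        if addr not in back:
            return False, f"{ptr} resolves to {back}, not {addr}"
    return True, "A and PTR records agree"

if __name__ == "__main__":
    for h in parse_ldap_servers(SAMPLE_CONF):
        print(h, *check_dns(h))
```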
