Avatar of sonun

ISAPI plugin for IIS 5/6 to authenticate to a LDAP server

I have a web application running on IIS 6 on Win2k3 SP2 Ent. I have to authenticate this web application against an external LDAP server. When I say external, I mean that the server is not part of our IT infrastructure and we cannot control it. We will, however, have access to it and be able to point our application to the external LDAP server to authenticate users requesting access to the web application.

I know I can program my web application to authenticate against the LDAP server, but I want to control it from IIS. I also understand that if the LDAP server and the web server were part of the same domain, then I could have used Windows Integrated Authentication. But that is not the case, and it will not be possible to do so either.

I have tried a couple of plugins provided by Novell and the link below,
but I haven't succeeded yet. I am not sure what I am missing. I am not sure what the external LDAP server is running. It could be SunOne, Novell, or even AD. Irrespective of that, I am looking for an ISAPI plugin which could authenticate against each or all of the above-mentioned LDAP servers.

There was a related link in this forum, but did not have a resolution.

Please advise.
Avatar of brwwiggins

Have you tried this? I've never used it personally but have seen it installed before.

The problem you'll find is that each vendor does their own take on LDAP so you may want to find out exactly what the external LDAP is using to avoid these issues.
Avatar of sonun


I have tried it. It is the Novell LDAP plugin. I will try to find out the external LDAP type. For starters I have a test AD server I want the web app to authenticate against without joining the domain or using Windows Int Auth.
Also, I was wondering if you could shed some light on this. Assuming the LDAP is Microsoft AD and the domain name is, what would the following settings for the ldapauth.ini file be? The LDAPHOST and LDAPPORT are pretty obvious, but could you kindly advise on the rest? I might not be entering the correct info here.

!LDAPPORT       389
BINDUSER      uid=mybinduser,ou=xxxxx,dc=yyyy,dc=zzz
BINDPASSWORD      mybindpasswd
LDAPFILTER      (&(cn=%username%)(objectclass=posixaccount))
SEARCHBASE      ou=mybase,ou=xxxxxx,dc=yyyyy,dc=zzz
!CERTSFILE      c:\mycertificate.der
NTUSER          ntuser
NTUSERPASSWORD  ntuserpassword
CACHESIZE      1000
CACHETIME      1800

Please advise.
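
An added example, not part of the original thread and not the plugin's own code: it expands an LDAPFILTER template like the one above for an Active Directory directory, where user objects are normally matched on sAMAccountName with objectClass=user rather than posixaccount, and escapes the login name per RFC 4515 so characters such as `*` and `(` are matched literally. It assumes that `%username%` is substituted textually and that a leading `!` disables a line; the DNs and names in the sample are constructed.

```python
# Added example. Function names and all sample values are constructed for
# illustration; they are not taken from the plugin or from the thread.

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_settings(text: str) -> dict:
    """Parse 'KEY <whitespace> VALUE' lines. Assumption: '!' disables a line."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def build_filter(template: str, username: str) -> str:
    """Expand %username% with the escaped login name; refuse an empty name."""
    if not username:
        raise ValueError("empty username")
    return template.replace("%username%", escape_filter_value(username))


# Constructed sample in the ldapauth.ini layout, with an AD-style filter.
SAMPLE = """\
!LDAPPORT       389
BINDUSER        cn=svc-bind,ou=service,dc=example,dc=test
LDAPFILTER      (&(sAMAccountName=%username%)(objectClass=user))
SEARCHBASE      ou=staff,dc=example,dc=test
"""


def demo() -> list:
    """Return the search filters produced for two constructed login names."""
    cfg = parse_settings(SAMPLE)
    return [build_filter(cfg["LDAPFILTER"], n) for n in ("jsmith", "a*(b)")]


if __name__ == "__main__":
    for search_filter in demo():
        print(search_filter)
```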