Solved

Ldap authentication against active directory

Posted on 2010-09-15
3
628 Views
Last Modified: 2012-06-22
Hi ,

I was able sucessfully able to bind to the ldap server but in doing so i had to hard code in my username and password , i was wondering is there a way for me to be not hard code the uname and passwd and bind to the ldap server

my config looks like this

AuthLDAPBindDN "cn=XXXX,ou=users,ou=intra,ou=XXX,ou=XXX,ou=ad,dc=XXX,dc=XXX"
AuthLDAPBindPassword "XXXXXX"
   AuthLDAPURL "ldap://test.abc.com:4389/ou=XXX,ou=ad,dc=XXX,dc=XXX?sAMAccountName?sub?"
   AuthType Basic
   AuthBasicProvider ldap
   require valid-user
   AuthzLDAPAuthoritative off

Instead of using the username in cn and AuthLDAPBindPassword "XXXXXX" (* actual password ) is there a way to bind to the ldap server ?
0
Comment
Question by:Justin_Edmands
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 26

Expert Comment

by:jar3817
ID: 33687665
Not really, you need a dn and a password to bind to AD. Typically you'd create a service account in AD (not one any user uses) and hard code that in your apache config.
0
 
LVL 78

Expert Comment

by:arnold
ID: 33688099
Unfortunately you did not include what you are using this setup for.
There are alternatives such as using kerberos, samba and winbind to integrate AD and linux/unix.
I.e. centrally manage users from the AD that would then be allowed to login into the linux box.

In nsswitch.conf in the user/passwd you would have the second parameter instead of ldap you'll have winbind.

A quick search for Linux AD integration provides many examples.

http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/
http://linux.boeldt.net/Linux_active_directory.asp

The linux system gets added into the AD as a computer.
0
 
LVL 7

Accepted Solution

by:
askb earned 500 total points
ID: 33781104
The default authentication mechanism in AD is Krb5 (Kerberos). You would use winbind / nsswitch to authenticate a linux client to LDAP server. But remember that if you are using linux clients and you have PAC credentials (authorization info) on the credentials of your user/id this may not work as PAC is propritary and specific to AD/Windows entities only.  

The alternative for you to not hard code the user name and password would be to use Kerberos credentials through SASL mechanism supported in LDAP.
Assuming that you are using ldapsearch (make sure you have the LDAP / GSSAPI / SASL libs installed on your box) do the following steps:

1. kinit principalname@AD_DOMAIN.COM                               -> this will get you your init credentials.

2. ldapsearch -Y GSSAPI -h <AD Server> -o <> <search filter>              ---------->this will enable you to perform an ldap operation based on your above credentials.

Note: the above example was for doing LDAP search using kerberos credentials. For this you need to configure your krb5.conf on your linux box.

Let me know if you need more help!

 

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Active Directory Account getting mysteriously locked 13 81
Changing logon server question 5 68
Removing Exchange 2003 3 17
PowerShell: Adding ToGB to a script 4 30
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question