Solved

Ldap authentication against active directory

Posted on 2010-09-15
3
636 Views
Last Modified: 2012-06-22
Hi,

I was successfully able to bind to the LDAP server, but in doing so I had to hard-code my username and password. I was wondering if there is a way for me to not hard-code the uname and passwd and still bind to the LDAP server.

My config looks like this:

    AuthLDAPBindDN "cn=XXXX,ou=users,ou=intra,ou=XXX,ou=XXX,ou=ad,dc=XXX,dc=XXX"
    AuthLDAPBindPassword "XXXXXX"
    AuthLDAPURL "ldap://test.abc.com:4389/ou=XXX,ou=ad,dc=XXX,dc=XXX?sAMAccountName?sub?"
    AuthType Basic
    AuthBasicProvider ldap
    require valid-user
    AuthzLDAPAuthoritative off

Instead of using the username in cn and AuthLDAPBindPassword "XXXXXX" (* the actual password), is there a way to bind to the LDAP server?
0
Question by:Justin_Edmands
3 Comments
 
LVL 26

Expert Comment

by:jar3817
ID: 33687665
Not really, you need a DN and a password to bind to AD. Typically you'd create a service account in AD (not one any user uses) and hard-code that in your Apache config.
0
 
LVL 78

Expert Comment

by:arnold
ID: 33688099
Unfortunately you did not include what you are using this setup for.
There are alternatives such as using Kerberos, Samba and winbind to integrate AD and Linux/Unix,
i.e. centrally manage users from the AD that would then be allowed to log in to the Linux box.

In nsswitch.conf, for the user/passwd entries, the second parameter would be winbind instead of ldap.

A quick search for Linux AD integration provides many examples.

http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/
http://linux.boeldt.net/Linux_active_directory.asp

The Linux system gets added into the AD as a computer.
0
 
LVL 7

Accepted Solution

by: askb (earned 500 total points)
ID: 33781104
The default authentication mechanism in AD is Krb5 (Kerberos). You would use winbind / nsswitch to authenticate a Linux client to the LDAP server. But remember that if you are using Linux clients and you have PAC credentials (authorization info) on the credentials of your user/id, this may not work, as PAC is proprietary and specific to AD/Windows entities only.

The alternative for you to not hard-code the user name and password would be to use Kerberos credentials through the SASL mechanism supported in LDAP.
Assuming that you are using ldapsearch (make sure you have the LDAP / GSSAPI / SASL libs installed on your box), do the following steps:

1. kinit principalname@AD_DOMAIN.COM -> this will get you your initial credentials.

2. ldapsearch -Y GSSAPI -h <AD Server> -o <> <search filter> -> this will enable you to perform an LDAP operation based on the above credentials.

Note: the above example was for doing an LDAP search using Kerberos credentials. For this you need to configure krb5.conf on your Linux box.

Let me know if you need more help!

 

0
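The kinit + ldapsearch -Y GSSAPI steps from the accepted answer, carried through as an unattended script that takes its key from a keytab instead of a password and escapes the looked-up login name before it goes into the sAMAccountName filter. This is an added example, not code from the thread; the keytab path, principal, LDAP URI and base DN are placeholders, and it assumes MIT Kerberos tools and OpenLDAP clients built with SASL/GSSAPI support.

```shell
#!/bin/sh
# Added example (not from the thread): query AD over LDAP with Kerberos/GSSAPI
# instead of a bind DN + password in the config file.
# Assumptions (placeholders, not from the page): a keytab for a service
# principal exists on the host, krb5.conf already points at the AD realm,
# and ldapsearch is the OpenLDAP client built with SASL/GSSAPI support.
set -u

KEYTAB="${KEYTAB:-/etc/krb5.keytab}"
PRINCIPAL="${PRINCIPAL:-svc-web/host.example.com@AD.EXAMPLE.COM}"
LDAP_URI="${LDAP_URI:-ldap://dc1.ad.example.com}"
BASE_DN="${BASE_DN:-ou=users,dc=ad,dc=example,dc=com}"

# RFC 4515 escaping for a value placed inside a search filter, so a login
# name containing filter metacharacters cannot change the filter's structure.
# Backslash is replaced first so the other escapes are not double-escaped.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                            -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The lookup mod_authnz_ldap performs for a "?sAMAccountName?sub?" URL.
build_filter() {
    printf '(sAMAccountName=%s)' "$(ldap_filter_escape "$1")"
}

# Get a ticket from the keytab (no password on the command line or in a
# web-server-readable file), check it, then search over GSSAPI requiring
# integrity and confidentiality (-O minssf=56) so the query is not in clear.
kerberos_ldap_search() {
    user="$1"
    export KRB5CCNAME="FILE:$(mktemp /tmp/krb5cc.XXXXXX)"   # private ccache
    kinit -k -t "$KEYTAB" "$PRINCIPAL" || { echo "kinit failed" >&2; return 1; }
    klist -s || { echo "no valid ticket" >&2; return 1; }   # -s: silent check
    ldapsearch -Q -Y GSSAPI -O minssf=56 -H "$LDAP_URI" -b "$BASE_DN" \
        "$(build_filter "$user")" sAMAccountName distinguishedName
    rc=$?
    kdestroy 2>/dev/null
    rm -f "${KRB5CCNAME#FILE:}"
    return $rc
}

# Only perform the live query when a login name is passed as an argument.
if [ "$#" -ge 1 ]; then
    kerberos_ldap_search "$1"
fi
```

Run it as `sh script.sh j.doe`; with the keytab readable only by the service user, nothing secret has to live in httpd.conf.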
