On 02/05/10 14:34 +0200, Michael Ströder wrote:
> Dan White wrote:
>> ldap_servers: ldap://192.168.2.1/
>> ldap_use_sasl: yes
>> ldap_mech: DIGEST-MD5
>>
>> Assuming you can figure out how to do an LDAP sasl bind against Active
>> Directory, which I haven't been able to do with a non GSSAPI sasl mech.
>
> It's definitely possible to do LDAP SASL bind with DIGEST-MD5 with MS AD.
> But my own tests showed that for some reason you have to
> 1. use the host name instead of an IP address and
> 2. make sure that there are correct PTR RRs in DNS for your MS AD DC.

Yes, that works for me. If I use our internal DNS server, which resides on the Active Directory host, then I can bind and authenticate.

Using either the hostname or the IP in the ldap_servers line works for me, probably because we have both A and PTR records configured.

--
Dan White
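
The DNS precondition discussed in this thread (A and PTR records for the AD DC that agree with each other) can be checked for an ldap_servers URI before the SASL bind is attempted. This is an added example, not part of the original messages; the function names and the sample zone are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlparse

def sys_forward(name):
    """A/AAAA lookup through the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def sys_reverse(addr):
    """PTR lookup through the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_ldap_dns(uri, forward=sys_forward, reverse=sys_reverse):
    """Return DNS problems for one ldap_servers URI; an empty list means OK."""
    host = urlparse(uri).hostname
    if not host:
        return [f"no host in {uri!r}"]
    try:
        ipaddress.ip_address(host)      # IP literal: only the PTR side applies
        addrs = {host}
    except ValueError:
        addrs = forward(host)           # host name: start from its A/AAAA records
    problems = [] if addrs else [f"{host}: no A/AAAA record"]
    for addr in sorted(addrs):
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"{addr}: no PTR record")
        elif addr not in forward(ptr):
            problems.append(f"{addr}: PTR {ptr} has no A/AAAA record back to {addr}")
    return problems

# Constructed sample zone (documentation names and addresses, not from the thread).
A = {"dc1.example.test": {"192.0.2.10"}, "dc2.example.test": {"192.0.2.11"}}
PTR = {"192.0.2.10": "dc1.example.test"}          # dc2 has no PTR record

def demo():
    fwd, rev = (lambda n: A.get(n, set())), PTR.get
    return {u: check_ldap_dns(u, fwd, rev)
            for u in ("ldap://dc1.example.test/", "ldap://192.0.2.10/",
                      "ldap://dc2.example.test/")}

if __name__ == "__main__":
    for uri, problems in demo().items():
        print(uri, "OK" if not problems else problems)
```

Called with the default arguments, check_ldap_dns() queries the system resolver, so it should be run on the host that performs the bind and with the same DNS server that host uses.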