in article [EMAIL PROTECTED], Kent Wu at
[EMAIL PROTECTED] wrote on 8/30/05 6:07 PM:
For the principal name format to work when binding, the user's Active
Directory record must have that string in the userPrincipalName attribute.
Some domains that got migrated from NT 4 don't have this info set.
Thanks for the reminder and I'll give it a try then!
-Kent
On Wed, 2005-08-31 at 10:51 -0700, [EMAIL PROTECTED] wrote:
One last thing just popped in my head. You might want to
run a packet sniffer (I use Ethereal) while testing your
code. Your situation sounds similar to one I encountered
a couple of months ago, and I have a hunch your code is
automatically rebinding to "referred" LDAP servers without
encrypting
Hi guys,
Thanks for all the input I've got so far. And
I've figured out the reason behind it. The reason is that
in the last ldap_sasl_bind_s() step, AD 2000 accepts a
DN format like "[EMAIL PROTECTED]"; however, AD 2003 only
accepts a format like "cn=Kent Wu,cn=Users,dc=blabla,dc=com".
SASL and the GSS-API are not easy to use. They seem
overly complicated to me, and the documentation is
confusing. I could only get them working by looking
at sample code. I first looked at some Samba code,
but decided not to go that route. OpenLDAP
distributes a sample LDAP program which demons
Hi guys,
I used to write a program to authenticate
users against Windows 2000 AD by using MIT
Kerberos/GSSAPI SDK as well as Sun LDAP SDK. Basically
what I did is to authenticate users against AD by
using Kerberos before doing LDAP search operations.
It was working perfectly until I wanted to