On Wed, Aug 22, 2018 at 09:42:55AM -0700, Andre Piwoni wrote:
> AD allows simple authentication via simple non-anonymous bind with
> user credentials
> (https://msdn.microsoft.com/en-us/library/cc223499.aspx) and this is
> enough to get at least user account information, which includes basic
> group memberships. Most ADs that I worked with, in addition to
> authenticated user info, allow other browsing after this step. This
> includes extended group membership, like nested groups and info.

Ah, sorry, yes, I misread your earlier e-mail. You wrote:

> One thing that I had to do was to configure ldap_default_bind_dn and
> ldap_default_authtok, which sucks because I don't want to expose
> password for some admin account in file. 

And I skipped the 'admin' word and thought you disliked having a password
in the config file at all and were looking to use an anonymous bind.

> I should be able to get basic
> info about user using provided credentials using simple non-anonymous
> bind as I've done in other projects.

And this should be possible using ldap_default_bind_dn and
ldap_default_authtok.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/GEGFJMF5MJ7A3EI6I6CIUF57IMQFE5CR/
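
The concern in this thread is a bind password for a privileged account sitting in sssd.conf. The following Python check is an added example, not code from the thread or from the SSSD project: it reads a constructed config and flags how ldap_default_bind_dn and ldap_default_authtok are set up. The sample values, the admin-name heuristic and the owner-only file policy are assumptions.

```python
import configparser
import re

# Constructed sample, not taken from the thread: names and DNs are placeholders.
SAMPLE_CONF = """
[sssd]
domains = example.test
[domain/example.test]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://dc1.example.test
ldap_search_base = dc=example,dc=test
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=test
ldap_default_authtok = CONSTRUCTED-PLACEHOLDER
ldap_tls_reqcert = never
"""

# Heuristic only (assumption): a DN's leading RDN that looks like an admin account.
PRIVILEGED_RDN = re.compile(r"^\s*cn\s*=\s*[^,]*admin", re.IGNORECASE)


def audit_sssd_conf(text, file_mode):
    """Return (section, finding) tuples for the bind-account settings."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        dom = cfg[section]
        bind_dn = dom.get("ldap_default_bind_dn")
        if bind_dn and PRIVILEGED_RDN.search(bind_dn):
            findings.append((section, "bind DN looks like an admin account"))
        if "ldap_default_authtok" in dom:
            tok_type = dom.get("ldap_default_authtok_type", "password")
            if tok_type == "password":
                findings.append((section, "cleartext bind password in file"))
            # Policy assumed here: the file is readable by its owner only.
            if file_mode & 0o077:
                findings.append((section, "file readable beyond owner"))
        if dom.get("ldap_tls_reqcert", "").lower() in ("never", "allow"):
            findings.append((section, "server certificate not enforced"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE_CONF, 0o644):
        print(f"{section}: {finding}")
```

A dedicated low-privilege bind account with an owner-only file clears every finding except the cleartext one, which remains for as long as the password is stored in the file.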
