Forum .LRN Q&A: Re: External authentication with dotLRN (LDAP)

Posted by Trenton Cameron on
Thanks for all of your help, OpenACS is now authenticating against Active Directory! One more quick question: is there a way to have this use LDAPS or LDAP over SSL instead of sending everything in clear text? Thanks again
-Trent
Congrats Trenton. Maybe you could help out Shahid. I'm not sure if he made progress.

We have not figured out how to do it over ldaps or over ssl yet, but it is on our todo list.

Our Active Directory setup allows GSSAPI and GSS-SPNEGO.

I was able to find out using the following command:

ldapsearch -h ad.yourdomain.com -D "CN=youruseraccount,CN=Users,DC=yourdomain,DC=com" -x -W -b "" -s base -LLL supportedSASLMechanisms

I think GSSAPI uses Kerberos V to provide secure authentication services.

I was able to get it working securely on my PowerBook using ldapsearch and, IIRC, I got it to work on Debian after installing some Kerberos packages (although it has been a while since I looked at this).

I am going to be traveling to conferences for the next 10 days, so I doubt I will have time to help out, but I hope to contribute to figuring this part out when I get back (if you haven't already figured it out with Michael).
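
Added example (not part of the original posts): a shell helper that reads the LDIF printed by a rootDSE query like the ldapsearch command above and reports which advertised SASL mechanisms avoid sending a password and whether StartTLS is offered. It assumes supportedExtension is requested alongside supportedSASLMechanisms; the function names, category labels and sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what a rootDSE advertises for protecting LDAP binds.
# Input: LDIF as printed by `ldapsearch ... -LLL`, read from stdin.

STARTTLS_OID="1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

# Print each value of attribute $1 (name matched case-insensitively).
ldif_values() {
  awk -v want="$1" '
    BEGIN { want = tolower(want) }
    {
      sub(/\r$/, "")                       # tolerate CRLF line endings
      i = index($0, ":")
      if (i == 0 || tolower(substr($0, 1, i - 1)) != want) next
      val = substr($0, i + 1)
      sub(/^[ \t]+/, "", val)
      print val
    }'
}

# Print "<mechanism> <category>" per SASL mechanism, then "starttls yes|no".
assess_rootdse() {
  ldif=$(cat)
  while IFS= read -r mech; do
    [ -n "$mech" ] || continue
    case "$mech" in
      GSSAPI|GSS-SPNEGO) echo "$mech gss" ;;            # GSS-API, no password on the wire
      EXTERNAL)          echo "$mech external-creds" ;; # identity from a lower layer, e.g. TLS
      DIGEST-MD5)        echo "$mech legacy" ;;         # moved to historic by RFC 6331
      PLAIN|LOGIN)       echo "$mech needs-tls" ;;      # password sent as-is
      *)                 echo "$mech unknown" ;;
    esac
  done <<EOF
$(printf '%s\n' "$ldif" | ldif_values supportedSASLMechanisms)
EOF
  starttls=no
  if printf '%s\n' "$ldif" | ldif_values supportedExtension | grep -qxF "$STARTTLS_OID"; then
    starttls=yes
  fi
  echo "starttls $starttls"
}

# Constructed sample LDIF (not captured from a real server).
SAMPLE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedExtension: 1.3.6.1.4.1.1466.20037'

printf '%s\n' "$SAMPLE" | assess_rootdse
```

The rootDSE does not advertise whether LDAPS is listening on port 636, so this only covers StartTLS and SASL mechanisms.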