Hi all!
I’ve spent a few hours this week trying to find a working configuration for an Active Directory LDAP backend.
Basically, only these two configuration directives need to differ from the documentation's example:
user_id_attribute: "sAMAccountName"
unique_member_attribute: "member"
This will allow users to log in using their account name. No [email protected] is required; simply user will work.
If you want to enable SSL:
host: "dc01.domain.com"
port: 3269
ssl_enabled: true
ssl_trust_all_certs: true
3269 is the Global Catalog LDAPS port. I prefer it over the non-GC port, 636, to avoid referrals. Your use case may differ according to your own environment, especially if you have multiple domains within a forest.
ssl_trust_all_certs is necessary unless you prefer importing your Active Directory's domain root CA into the Java keystore.
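As an added illustration (not part of the post above, and not the product's own query code), here is how a backend built on these two attributes would typically look a user up by the bare login name and then find the groups that list the resolved DN in `member`. The filter shapes are an assumption about how such a backend queries AD; the escaping follows RFC 4515 so a login name such as `admin)(objectClass=*` cannot alter the filter.

```python
"""Build the LDAP filters an AD backend needs for the settings discussed
above: user lookup keyed on sAMAccountName, group lookup keyed on the
group's `member` attribute. Filter shapes are illustrative assumptions.
"""

# RFC 4515 section 3: characters that must be escaped inside a filter value.
# Backslash is listed first so the escapes it produces are not re-escaped.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an attribute value for safe use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(login: str, user_id_attribute: str = "sAMAccountName") -> str:
    """Filter that resolves a bare login name (no @domain) to a user object."""
    value = escape_filter_value(login)
    return f"(&(objectClass=user)({user_id_attribute}={value}))"


def group_filter(user_dn: str, unique_member_attribute: str = "member") -> str:
    """Filter that finds the groups whose `member` attribute lists the user DN."""
    value = escape_filter_value(user_dn)
    return f"(&(objectClass=group)({unique_member_attribute}={value}))"


if __name__ == "__main__":
    # Constructed sample input: a normal login and an injection-shaped one.
    print(user_filter("jdoe"))
    print(user_filter("admin)(objectClass=*"))
    # Constructed sample DN such as AD would return for the user object.
    print(group_filter("CN=John Doe,OU=Users,DC=domain,DC=com"))
```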