SEC-130: Support for Active Directory logins #391

Closed
spring-issuemaster opened this Issue Dec 20, 2005 · 1 comment

@spring-issuemaster

Luke Taylor (Migrated from SEC-130) said:

This can probably be done using a specific authenticator implementation or by extending the existing BindAuthenticator.

@spring-issuemaster

Luke Taylor said:

It seems that AD can be supported using the existing authenticator. From my post on the dev list:

[quote]
I’ve heard of two “alternative” pseudo-DN syntaxes supported by AD. One
is “username@domain” and the other is “domain\username”.

I think you can try binding with either of these using the existing
BindAuthenticator. If the user types in the entire name, you could have:

{0}

or if they only type in the username part, you could use something like

{0}@mycompany.com


domain\{0}

[/quote]

Anthony Geoghegan’s response:

[quote]

I’ve tested both:
{0}@mycompany.com

domain\{0}

And they work with Active Directory 2003. The top one is of special
interest as this is the Kerberos service principal name.

[/quote]

Users can of course also bind with a full DN directly.
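
How the three patterns quoted above expand for different typed names, as an added example that is not part of the original issue or of the project's code. The function name `bind_candidates` and the rule of skipping the fixed-domain patterns when the typed name already carries a domain or is a DN are assumptions of this example; the domain names are the thread's placeholders.

```python
# Added example: the {0} patterns from the thread, expanded before binding.
# bind_candidates is a hypothetical helper, not a Spring Security API.

WHOLE_NAME = "{0}"                      # user types the entire name
FIXED_DOMAIN = ["{0}@mycompany.com",    # username@domain form
                "domain\\{0}"]          # domain\username form

# Characters that mean the typed name already carries a domain or is a DN.
QUALIFIERS = set("@\\=,")


def bind_candidates(patterns, typed):
    """Return, in pattern order, the names to try binding with."""
    name = typed.strip()
    if not name or any(ord(ch) < 0x20 for ch in name):
        raise ValueError("empty login name or control character")
    already_qualified = bool(QUALIFIERS & set(name))
    out = []
    for pattern in patterns:
        if pattern == WHOLE_NAME:
            # Entire name (pseudo-DN or full DN) is passed through as typed.
            out.append(name)
        elif not already_qualified:
            out.append(pattern.replace("{0}", name))
        # Otherwise skip: "alice@other.example" must not turn into
        # "alice@other.example@mycompany.com" or "domain\alice@other.example".
    return out


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["alice", "alice@mycompany.com",
               "CN=Alice,OU=Staff,DC=mycompany,DC=com"]
    for typed in samples:
        print(typed, "->", bind_candidates([WHOLE_NAME] + FIXED_DOMAIN, typed))
```

With only the fixed-domain patterns configured, a name typed with its own `@` or `\` qualifier yields no candidates, so the configured domain stays the only one a login can bind against.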

@spring-issuemaster spring-issuemaster added this to the 1.0.0 RC2 milestone Feb 5, 2016