Luke Taylor (Migrated from SEC-130) said:
This can probably be done using a specific authenticator implementation or by extending the existing BindAuthenticator.
Luke Taylor said:
It seems that AD can be supported using the existing authentictor. From my post of the dev list:
I’ve heard of two “alternative” pseudo-DN syntaxes supported by AD. One
is “username@domain” and the other is “domain\username”.
I think you can try binding with either of these using the existing
BindAuthenticator. If the user types in the entire name, you could have:
or if they only type in the username part, you could use something like
Anthony Geoghegan’s response:
I’ve tested both:
And they work with Active Directory 2003. The top one is of special
interest as this is the Kerberos service principal name.
User’s can of course also bind with a full DN directly.