Does ldap_sasl_bind_s support NTLM authentication via GSSAPI? It seems that this is variable to the underlying implementation (GSSAPI for NTLM authentication). I am trying to use NTLM authentication to an Active Directory server.
Asked
Active
Viewed 1,503 times
1 Answers
0
As the method call says: this is SASL's problem. You have to specify the SASL mechanism. The GSSAPI mechanism is Kerberos 5. Some GSS-APIs like Heimdal do support NTLM but your SASL impl has to do that too, I guess. I do not think that Cyrus SASL does that. It's best to rely on GSS-API with Kerberos only. This work here from a C SASL bind and a Java SASL bind.
Michael-O
- 18,123
- 6
- 55
- 121
-
It seems for AD LDS, the SASL bind requests goes directly to Windows SSPI (which from my understanding support NTLM). http://technet.microsoft.com/en-us/library/cc816913(v=ws.10) – Daniel Hwang Aug 03 '12 at 16:22
-
@DanielHwang, yes this is correct. Windows relies on its own SASL implementation with SSPI in the background. – Michael-O Sep 04 '12 at 07:49