3.49.1. Using <AuthBy LDAP2> with Microsoft Active Directory

When using <AuthBy LDAP2> together with Microsoft Active Directory (AD), you may need to try the following:
  • Use ServerChecksPassword when the user must be authenticated. AD does not provide the password to LDAP, so the password has to be checked by the AD server itself. In this case, do not use HoldServerConnection. For more information, see Section 3.49.10.
  • Leave BaseDN empty if you use Global Catalog. For more information, see Global Catalog and LDAP Searches.
  • Global Catalog contains all users but not necessarily all the attributes. Use port 3268 for LDAP and port 3269 for LDAPS to access Global Catalog.
  • Use AttrsWithBaseScope if you need to get a constructed attribute, such as tokenGroups, for a certain user. For more information, see Section 3.49.8.