3.47.1. Using <AuthBy LDAP2> with Microsoft Active Directory

When using <AuthBy LDAP2> together with Microsoft Active Directory (AD), you may need to try the following:
  • Use ServerChecksPassword when the user must be authenticated. AD does not provide the password to LDAP. In this case, do not use HoldServerConnection. For more information, see Section 3.47.10. ServerChecksPassword.
  • Leave BaseDN empty if you use Global Catalog. For more information, see Global Catalog and LDAP Searches.
  • Global Catalog contains all users but not necessarily all the attributes. Use port 3268 for LDAP and port 3269 for LDAPS to access Global Catalog.
  • Use AttrsWithBaseScope if you need to get a constructed attribute, such as tokenGroups, for a certain user. For more information, see Section 3.47.8. AttrsWithBaseScope.
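
A clause that combines the points above, as an added example rather than configuration taken from the Radiator documentation. The host name, bind DN and password are constructed placeholders, and BaseDN is omitted on the assumption that an unset BaseDN is treated as empty.

```conf
# Added example: host name, DN and password are constructed placeholders.
<AuthBy LDAP2>
    # Global Catalog over LDAPS (port 3269); port 3268 is plain LDAP.
    Host            gc.example.com
    Port            3269
    UseSSL

    # Service account used to search for the user (placeholder values).
    AuthDN          cn=radiator-svc,cn=Users,dc=example,dc=com
    AuthPassword    CHANGE-ME

    # BaseDN is not set here, following the Global Catalog note above
    # (assumption: an omitted BaseDN is treated as empty).

    # Look the user up by the AD logon name.
    UsernameAttr    sAMAccountName

    # AD does not return the password, so the LDAP server checks it instead.
    # HoldServerConnection is deliberately absent from this clause.
    ServerChecksPassword
</AuthBy>
```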