SSO -- How can I use LDP to do Single Sign-On?
Subject: SSO -- How can I use LDP to do Single Sign-On?
Author: authen
In response to: If everything goes right, what I can see?
Posted on: 02/08/2010 03:56:28 PM
Suppose that all settings are correct, as follows:
Server: myAD.myCompany.com Port: 389
Bind Function Type: Generic Bind method: SSPI Synchronous: checked Use auth. identit: checked
If you have already logged in to your terminal successfully, let's say with "testuser@MYCOMPANY.COM", then you do not need to type in the user identity and password again. You can simply leave 'User' and 'Password' blank, as follows:
User: <blank> Password: <blank> (box checked) Domain: MYCOMPANY.COM
The LDAP.exe will retrieve the current user's credentials from the Kerberos ticket cache. You will get, on the client side, the following message:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='NULL'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.}
Authenticated as dn:'NULL'.
On the server side, the binding request was received, and it did use Kerberos for SASL GSS-SPNEGO for the current user.
>
> On 02/08/2010 03:39:18 PM authen wrote:
If all settings are correct as follows:
Server: myAD.myCompany.com Port: 389
Bind Function Type: Generic Bind method: SSPI Synchronous: checked Use auth. identit: checked
User: testuser Password: <password> (box checked) Domain: MYCOMPANY.COM
You will get, on the client side, the following message:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='testuser'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.}
Authenticated as dn:'testuser'.
On the server side, the binding request was received, and it did use Kerberos for SASL GSS-SPNEGO.
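The same blank-credential bind can be checked from a script, which also shows which identity the server actually accepted (LDP only prints dn:'NULL' in that case). This is an added example, not part of the original posts: it assumes a domain-joined Windows client with a valid Kerberos ticket and a domain controller that supports the LDAP "Who am I?" extended operation; the function name Test-LdapSsoBind is hypothetical, and the server name is the one used in the post.

```powershell
# Added example, not from the original post. Test-LdapSsoBind is a hypothetical name.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSsoBind {
    param(
        [string]$Server = 'myAD.myCompany.com',   # server name taken from the post
        [int]$Port = 389
    )

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        # Negotiate = SSPI/SPNEGO. No NetworkCredential is supplied, so the bind
        # uses the logged-on user's credentials (the blank User/Password case in LDP).
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.SessionOptions.ProtocolVersion = 3

        # Port 389 is cleartext LDAP: ask SSPI to sign and encrypt the session.
        # These must be set before Bind().
        $conn.SessionOptions.Signing = $true
        $conn.SessionOptions.Sealing = $true

        $conn.Bind()

        # "Who am I?" extended operation (RFC 4532): returns the authorization
        # identity the server associated with this connection.
        $req  = New-Object System.DirectoryServices.Protocols.ExtendedRequest('1.3.6.1.4.1.4203.1.11.3')
        $resp = [System.DirectoryServices.Protocols.ExtendedResponse]$conn.SendRequest($req)

        $authzId = if ($resp.ResponseValue) {
            [System.Text.Encoding]::UTF8.GetString($resp.ResponseValue)
        } else {
            ''   # an empty value means the server treats the connection as anonymous
        }

        [pscustomobject]@{
            Server      = $Server
            AuthzId     = $authzId
            IsAnonymous = [string]::IsNullOrEmpty($authzId)
        }
    }
    finally {
        $conn.Dispose()
    }
}

Test-LdapSsoBind
```

An empty AuthzId after a "successful" bind means the connection is anonymous rather than signed on as the current user, which the LDP message alone does not distinguish.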