[ejabberd] ejabberd and Active Directory authentication

Leif Johansson leifj at it.su.se
Thu Aug 26 13:48:56 MSD 2004


James Tait wrote:
> Hi Fernando,
> 
> I tried to do the same, but didn't have any luck.  I couldn't even get
> standard openldap tools like ldapsearch to bind to the AD server, though I
> can query it.  In the end, I used the external authentication patch and
> knocked together a small application to do SMB authentication against the AD
> server instead.  I posted it to the list fairly recently.
> 
> Hope this helps,


NB! You need use SASL+GSSAPI+Kerbeos (probably with RC4 support) to talk
to an active-directory server. Good stuff here if you need details:

	ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

The problem is of course that ejabberd doesn't have a GSSAPI sasl mech.
Imho we need that anyway for xmpp sasl support. It might be necessary
to cobble together an external sasl framewok using cyrus-sasl or gnu
sasl to achieve this goal.

	MVH leifj


More information about the ejabberd mailing list