- Type: Task
- Resolution: Won't Do
- Priority: Major - P3
- Affects Version/s: None
- Component/s: manual
- Labels: None
The settings for Configuring LDAP Options with ActiveDirectory would never work in the current version of ActiveDirectory. See: https://docs.mongodb.com/manual/tutorial/configure-ldap-sasl-activedirectory/
The /etc/saslauthd.conf says use the following settings:
ldap_servers: <ldap uri>
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
ldap_auth_method: fastbind
MD5 does not work in ActiveDirectory by default. In order to make this work, a user would literally have to go through each user in ActiveDirectory, select a checkbox to enable MD5 and then reset the user's password.
Currently, we use the following configuration, which may not be ideal, but allows users to connect LDAP to ActiveDirectory:
ldap_servers: <ldap uri>
ldap_use_sasl: no
ldap_match: DIGEST-MD5
ldap_auth_method: bind
ldap_search_base: <DC=example,DC=domain,DC=com>
ldap_bind_dn: <CN=Test User,CN=Users,DC=example,DC=domain,DC=com>
ldap_password: <password>
We do need to do some further research here to provide a better configuration, but as of now, this configuration works better than the current suggestion.
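Added example, not part of the original ticket or of the MongoDB manual: a small Python check that parses a saslauthd.conf and flags the settings discussed above, run against both variants. The host name, the password value, the finding names and the helper functions parse_conf and review are assumptions made for this illustration.

```python
# Constructed inputs modelled on the two saslauthd.conf variants in the ticket;
# the host name and password are placeholders.
DOCS_CONF = """\
ldap_servers: ldap://ad.example.com
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
ldap_auth_method: fastbind
"""
WORKAROUND_CONF = """\
ldap_servers: ldap://ad.example.com
ldap_use_sasl: no
ldap_match: DIGEST-MD5
ldap_auth_method: bind
ldap_search_base: DC=example,DC=domain,DC=com
ldap_bind_dn: CN=Test User,CN=Users,DC=example,DC=domain,DC=com
ldap_password: placeholder-password
"""

def parse_conf(text):
    """Parse 'name: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            conf[key.strip().lower()] = value.strip()
    return conf

def review(conf):
    """Return (id, note) findings for the settings discussed in the ticket."""
    yes = lambda name: conf.get(name, "no").lower() == "yes"  # only yes/no handled
    findings = []
    if yes("ldap_use_sasl") and conf.get("ldap_mech", "").upper() == "DIGEST-MD5":
        findings.append(("digest-md5", "per the ticket, DIGEST-MD5 does not work "
                         "in Active Directory by default"))
    servers = conf.get("ldap_servers", "").split()
    encrypted = yes("ldap_start_tls") or (servers and all(
        s.lower().startswith("ldaps://") for s in servers))
    if not yes("ldap_use_sasl") and not encrypted:
        findings.append(("cleartext-bind", "simple bind sends passwords "
                         "unencrypted; use ldaps:// or ldap_start_tls: yes"))
    if "ldap_password" in conf:
        findings.append(("stored-password", "bind password is stored in the file; "
                         "restrict read access to the saslauthd account"))
    return findings

if __name__ == "__main__":
    for name, text in (("docs", DOCS_CONF), ("workaround", WORKAROUND_CONF)):
        for fid, note in review(parse_conf(text)):
            print(f"{name}: {fid}: {note}")
```

The cleartext-bind finding clears once the simple bind runs over ldaps:// or with ldap_start_tls: yes; the stored bind password remains and has to be protected by file permissions.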