Accessing AD from UNIX machines

Achim Grolms kerberosml at
Tue Aug 1 05:39:13 EDT 2006

On Tuesday 01 August 2006 05:01, Michael B Allen wrote:

> Note: Active Directory is a KDC and an LDAP service. The two are tightly
> coupled but your question is more of an LDAP question than it is a
> Kerberos one. But still, I'll answer because I have a neat suggestion.
> PHP is actually a really nice language for UNIX scripting.

Another idea to do this is using Perl, doing the (authentication)bind
by Kerberos against AD.
Cyrus-SASL is *not* needed.


#! /usr/bin/perl -w

use strict;

use Net::LDAP 0.33;
use Authen::SASL 2.10;
my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );
my $host =  $ARGV[0] || die "\n\nusage: $0 ldapserver \n\n";
my $ldap = Net::LDAP->new(
               onerror => 'die',
           ) or die "Cannot connect to LDAP host '$host'";

my $dse = $ldap->root_dse();
$dse->supported_sasl_mechanism ( 'GSSAPI' ) || die "\n sorry, $host does not 
support GSSAPI...\n";;
eval {
    $ldap->bind( sasl => $sasl  );
} or  die $@, $sasl->error(), "\n Terminating.\n";

print "\n SASL-bind to $host successfull...\n\n";

More Details on


More information about the Kerberos mailing list