LDAP Binding

Alan DeKok aland at deployingradius.com
Fri Feb 10 16:10:12 CET 2012


NdK wrote:
> Is it possible to bind to AD's LDAP using the Kerberos ticket obtained
> at join time?

  No.  The LDAP API doesn't support that.

> That would allow to search for group membership without spawning more
> processes...

  Huh?  You can configure AD as an LDAP server, and do group membership
checks.  All you need is a read-only administrator account.

  Alan DeKok.
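
An added example, not part of the original post: a sketch of the setup the reply describes, with AD queried as an LDAP server for group membership through a read-only bind account. It assumes FreeRADIUS 2.x `rlm_ldap` syntax; the host name, DNs, password, CA path and group name are placeholders.

```conf
# modules/ldap (FreeRADIUS 2.x syntax assumed; every value is a placeholder)
ldap {
	server   = "dc1.example.org"
	# Dedicated bind account that can only read user and group objects
	identity = "CN=svc-radius,OU=Service Accounts,DC=example,DC=org"
	password = "REPLACE_ME"
	basedn   = "DC=example,DC=org"
	# Locate the user object by AD logon name
	filter   = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

	# Group checks: AD lists a user's groups in memberOf; the filter is the
	# search for group objects that name the user as a member
	groupname_attribute       = "cn"
	groupmembership_attribute = "memberOf"
	groupmembership_filter    = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"

	# AD answers with referrals; follow them using the same bind credentials
	chase_referrals = yes
	rebind          = yes

	# Protect the bind password and directory data in transit
	tls {
		start_tls    = yes
		cacertfile   = "/etc/raddb/certs/ad-ca.pem"
		require_cert = "demand"
	}
}

# users file (list "ldap" before "files" in the authorize section)
# Members of the placeholder group match here and processing stops
DEFAULT	Ldap-Group == "vpn-users"
	Fall-Through = No

# Everyone else is rejected
DEFAULT	Auth-Type := Reject
```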


