Active Directory LDAP bind via X.509 client certificate authentication

active-directory windows-server-2016 ldap

Solution 1:

That would be using same attribute mapping mechanisms as smart card authentication. The standard way is to have the user UPN in SAN, mapped to the userPrincipalName attribute. Other attributes could be used, but that is not common: https://docs.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration

I don’t know whether LDAP will accept certificate only from CA in the NTAUTH store (which is required for smart cards), or any trusted CA. Easy to test though.

Related

Cannot create KDS Root Key - "Request is not supported"
How to post logs to Cloudwatch with CLI?
Does a M.2 2280 SSD fit in a MacBook Pro (Retina, 15-inch, Mid 2014)?
Photos Having Trouble Accessing Files
'mdls' and 'mdimport' interaction: good practice question
What happens when the kernel_task is killed?
App is greyed out
Is it possible to have only one notification for a text message until the message is read?
Copy extended attributes to new file (ffmpeg)
How do I stop iTunes from automatically opening when I browse an app on apple.com?
May I register with ©copyright my songs made mixed with just apple loops or must be copyleft, creative commons, royalty free, etc...?
Is there a terminal emulator for Mac OS X that supports binding Ctrl+(Shift)+Tab?