How to configure secure authentication against Active Directory

1. Install openldap-clients

 sudo yum install openldap-clients

2. Copy the Active Directory CA and intermediate certificates (PEM) into /etc/pki/ca-trust/source/anchors/ and run

 sudo update-ca-trust extract

3. Edit /etc/openldap/ldap.conf

 BASE dc=example,dc=com
 URI ldaps://adc.example.com
 TLS_CACERT /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

4. Create a .ldaprc file in your home folder containing the BINDDN of the account you will bind as

 BINDDN CN=Full Name,OU=IT,OU=Users,DC=example,DC=com

5. To check the group memberships of a user, run (you will be prompted for the bind password)

 ldapsearch -x -W sAMAccountName=<username> memberOf
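The following script is an added example, not part of the original how-to. It wraps the ldapsearch command from step 5 in a membership check and parses the LDIF that ldapsearch prints, handling two details that make a naive grep unreliable: ldapsearch folds long values onto continuation lines (a leading space), and values containing non-ASCII characters are emitted base64-encoded behind `memberOf::`. The user, group names and the SAMPLE_LDIF block are constructed sample data, and `is_member_of`, `ldif_unfold` and `check_user_in_group` are names chosen here. Two caveats worth keeping in mind: `memberOf` is not transitive (nested group membership is not listed) and it never includes the user's primary group, so an authorization decision needs either a recursive lookup or the primary group ID; and the simple bind (`-x`) sends the password in the clear inside the session, which is why steps 2 and 3 must succeed and the URI must stay `ldaps://` before this is run against a real server.

```shell
#!/usr/bin/env bash
# Added example: check AD group membership from the LDIF that
# `ldapsearch -x -W sAMAccountName=<user> memberOf` returns.
set -u

# Unfold LDIF: a line starting with one space continues the previous
# attribute line. Comment lines (#) are dropped after unfolding.
ldif_unfold() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | grep -v '^#'
}

# Print one group DN per line from the memberOf attribute on stdin.
# "memberOf::" marks a base64-encoded value (AD does this for
# non-ASCII DNs); "memberOf:" is plain text.
ldif_member_of() {
    ldif_unfold | while IFS= read -r line; do
        case "$line" in
            "memberOf:: "*) printf '%s\n' "${line#memberOf:: }" | base64 -d; printf '\n' ;;
            "memberOf: "*)  printf '%s\n' "${line#memberOf: }" ;;
        esac
    done
}

# Usage: is_member_of '<group DN>' < ldif
# Whole-line, fixed-string, case-insensitive match: DNs are case-insensitive,
# and a substring match would let "CN=Admins" match "CN=Admins-Readonly".
is_member_of() {
    group="$1"
    ldif_member_of | grep -Fixq -- "$group"
}

# Live query against AD, relying on ldap.conf and ~/.ldaprc from the steps
# above; -W prompts for the bind password rather than taking it on the
# command line, so it does not land in shell history or `ps` output.
check_user_in_group() {
    user="$1"; group="$2"
    ldapsearch -x -W "sAMAccountName=$user" memberOf | is_member_of "$group"
}

# Constructed sample output standing in for a live query: a folded DN and a
# base64-encoded value ("Q049T3Bz" decodes to "CN=Ops").
SAMPLE_LDIF='# jdoe, Users, example.com
dn: CN=John Doe,OU=Users,DC=example,DC=com
memberOf: CN=VPN Users,OU=Groups,DC=example,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=c
 om
memberOf:: Q049T3Bz
'

# Stand-alone demo on the constructed data; exit status reports membership.
if [ "${1:-}" = "demo" ]; then
    printf '%s' "$SAMPLE_LDIF" | is_member_of 'CN=Domain Admins,CN=Users,DC=example,DC=com' \
        && echo "member" || echo "not a member"
fi
```

Run `bash check_membership.sh demo` to exercise it on the constructed LDIF, or call `check_user_in_group jdoe 'CN=VPN Users,OU=Groups,DC=example,DC=com'` from an interactive shell to query the directory configured in steps 3 and 4.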