
LDAP Only Support

Starting with NoMAD 1.0.5(640)BETA, NoMAD supports environments that don’t have Active Directory. If you have a Kerberos environment that has been integrated with an LDAP server, NoMAD can give you the same functionality that you would get if AD was in the mix. Since there’s a variety of different LDAP setups, please test this in your environment and let us know if it’s missing anything.

Getting it working

NoMAD is designed to automatically configure as much as possible and relies on a number of AD-focused methods to do that. If you don’t have an AD environment, you may not have all of these services in place. Don’t worry: you can manually configure everything that you may need.

Starting Off

To get NoMAD to start doing LDAP-only queries, set the LDAPOnly preference key to true.

SRV Records

By default, NoMAD attempts to find both LDAP and Kerberos services via SRV records in your DNS. You most likely have these for your Kerberos KDCs, but you may not have the records for your LDAP servers. To get around this, designate your LDAP servers manually by setting the LDAPServerList preference key to a comma-separated list of your LDAP servers.

LDAP over SSL

Many LDAP environments are configured to use LDAP over SSL. NoMAD fully supports this, but you’ll need to set the LDAPOverSSL preference key to true.
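
The three keys above, pulled together as an added example (not code from the NoMAD project): a shell script that checks a server list and emits a preferences plist for LDAP-only mode. The value types, the bare-hostname rule, the function names, the example hostnames and the com.trusourcelabs.NoMAD preference domain are assumptions that this post does not state.

```shell
#!/bin/sh
# Added example, not NoMAD project code. Key names come from the post.
# Assumptions: values are boolean/string/boolean, and the preference domain
# is com.trusourcelabs.NoMAD (neither is stated on this page).

# normalize_servers "a, b" -> "a,b"; fails on empty or non-hostname entries.
normalize_servers() (
    set -f                      # no glob expansion while splitting
    IFS=','
    out=""
    for host in $1; do
        host=$(printf '%s' "$host" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        # Hypothetical rule for this example: bare DNS names only, no scheme,
        # port or path, since LDAPOverSSL is a separate key.
        case "$host" in
            ""|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
        esac
        out="${out:+$out,}$host"
    done
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
)

# build_nomad_ldap_plist SERVERS true|false -> plist XML on stdout
build_nomad_ldap_plist() (
    servers=$(normalize_servers "$1") || { echo "bad LDAPServerList: $1" >&2; return 1; }
    case "$2" in
        true|false) ssl=$2 ;;
        *) echo "LDAPOverSSL must be true or false" >&2; return 1 ;;
    esac
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>LDAPOnly</key><true/>
    <key>LDAPServerList</key><string>$servers</string>
    <key>LDAPOverSSL</key><$ssl/>
</dict>
</plist>
EOF
)

# Constructed hostnames; on the Mac, save the output to a file and load it with
#   defaults import com.trusourcelabs.NoMAD nomad-ldap.plist
build_nomad_ldap_plist "ldap1.example.com, ldap2.example.com" true
```

A malformed list (an empty entry, or a URL where a hostname is expected) makes the script exit non-zero before any plist is written, so a typo does not reach the client.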

Test It!

NoMAD will allow for password changes, scripts and other actions, sign in and sign out, and local password synchronization. The only major feature that you won’t have is the password expiration countdown. This is mostly because there’s no real standard way to do this in an LDAP-only environment. However, if you’re interested in this, please let us know, along with how you’ve implemented it, as this is something we’d be happy to put more work into.


© 2017 Orchard & Grove Inc.