Got it to work with AD without all the Kerberos realm stuff by using simple mode.
I substituted our data with generic names, but it was as simple as the following steps to get AD authentication working to provide edit permissions to an AD account in a specific OU under another OU.
setauthparam -f ldap-server 192.168.0.1
setauthparam -f ldap-server-hn servername.aaa.com
setauthparam -f binding simple
setauthparam -f user-attr DOMAINNAME\\
setauthparam -f accounts-dn OU=yyy,OU=zzz,DC=aaa,DC=com
setauthparam -f account-obj user
setauthparam -f account-name-attr SAMAccountName
setauthparam -f memberof-attr memberOf
setauthparam edit-map CN=xxx,OU=yyy,OU=zzz,DC=aaa,DC=com
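
Added example, not part of the original post: a small Python check that reads a setauthparam command list like the one above and reports whether the simple bind would cross the network without TLS (an LDAP simple bind carries the password as-is unless the connection is encrypted). The ldap-ssl and ldap-StartTLS parameter names are an assumption taken from the array CLI's setauthparam options and do not appear in the post; confirm them against your CLI reference.

```python
# Constructed sample: the command list from the post, generic names kept.
POSTED = r"""
setauthparam -f ldap-server 192.168.0.1
setauthparam -f ldap-server-hn servername.aaa.com
setauthparam -f binding simple
setauthparam -f user-attr DOMAINNAME\\
setauthparam -f accounts-dn OU=yyy,OU=zzz,DC=aaa,DC=com
setauthparam -f account-obj user
setauthparam -f account-name-attr SAMAccountName
setauthparam -f memberof-attr memberOf
setauthparam edit-map CN=xxx,OU=yyy,OU=zzz,DC=aaa,DC=com
"""


def parse(text):
    """Return {parameter: [values]} from setauthparam command lines."""
    params = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "setauthparam":
            continue
        args = [t for t in tokens[1:] if t != "-f"]  # drop the force flag
        if args:
            params[args[0]] = args[1:]
    return params


def transport_findings(params):
    """Flag settings that let a simple bind travel unencrypted."""
    findings = []
    binding = params.get("binding", [""])[0].lower()
    # Assumed parameter names and defaults (not in the post): ldap-ssl, ldap-StartTLS
    ssl_on = params.get("ldap-ssl", ["0"])[0] == "1"
    starttls = params.get("ldap-StartTLS", ["no"])[0].lower()
    if binding == "simple" and not (ssl_on or starttls == "require"):
        findings.append("simple bind without ldap-ssl 1 or ldap-StartTLS "
                        "require: password is sent unencrypted")
    if starttls == "try":
        findings.append("ldap-StartTLS try: session may proceed in cleartext "
                        "when TLS is not negotiated")
    return findings


if __name__ == "__main__":
    for finding in transport_findings(parse(POSTED)):
        print("FINDING:", finding)
```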