
RE: ldapsearch query via OpenLDAP proxy to AD



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Lank, Tim

> Perhaps I still don't understand. The username and password
> that the Linux clients would be putting in are the same as
> their Active Directory usernames and passwords. My thought
> was that I would be able to not have to set up the pam_ldap
> and nss_ldap on every Linux client, but rather point them at
> an OpenLDAP server set up as a proxy that will take care of
> passing these credentials back and forth from the AD to the
> respective Linux clients.
> 
> Is this not how it works? 

No, that's not how it works. Perhaps you should do some more reading before
attacking this problem. Try the pam and nss documentation first, then the
pamldap and nssldap mailing lists. 
 
> In order to authenticate Linux clients to the AD, from
> what you are indicating below, I cannot use OpenLDAP in this
> way using either back-meta or back-ldap because they cannot
> pass the original username and password "as-is" over to the
> AD and the approval or denial back to the originating client.
> Please clarify.

back-meta/back-ldap can pass simple authentication, that's not the problem.
The problem is that you don't know how to use pamldap or nssldap, and this
mailing list is not the place to teach you how to use them.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 
