Michael Ströder wrote:
Don Hoover wrote:I also just configured saslauthd to have a ldap_servers, and ldap_search_base only, since SASL is using username and password provided through openldap to do the binds. I guess in some ways I am doing a unique thing in that I am actually proxying another real ldap server, and not doing active directory which so many seem to be doing these days.You could also use back-ldap together with slapo-rwm rewriting the bind requests. This would avoid having to set userPassword value and running saslauthd.
Except that back-ldap will forward all requests to the remote server, not just Bind requests.
I've just added in CVS HEAD a simple extension to back-ldap to allow it to be used as an overlay that only forwards Bind requests. Have a look at that...
http://www.openldap.org/lists/openldap-commit/201002/msg00003.html http://www.openldap.org/lists/openldap-commit/201002/msg00004.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/