[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Pass-Through authentication

To: openldap-technical@openldap.org
Subject: Re: Pass-Through authentication
From: Jonathan Clarke <jonathan@phillipoux.net>
Date: Mon, 15 Nov 2010 12:13:17 +0000
In-reply-to: <C388BCF3C441494F84328E421E3893D4035BC12B@XMB-AMS-110.cisco.com>
References: <C388BCF3C441494F84328E421E3893D4035BC12B@XMB-AMS-110.cisco.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

On 14/11/10 18:29, Paulo Jorge N. Correia (paucorre) wrote:
> Hi all,
> 
> I’m just starting with openLDAP and saslauth, and I’m trying to
> replicate what I can achieve with ADAM/AD LDS in Windows platform.
> 
>  
> 
> I’m trying to use openldap to aggregate user information from several AD
> servers under different forests.
> 
>  
> 
> So single point of contact from an LDAP perspective for an organization,
> and then openldap should pass-through the authentication request that
> receives to the AD DC of the respective user.
> 
>  
> 
> This works well with /saslauthd /for a single domain/, but if I need to
> do this with multiple domains, I don’t know how to configure saslauthd./

saslauthd can only launch one LDAP search to find a user and check his
password. So if you're using several AD domains, you need to be able to
perform a single search over all those domains : set up a back-meta with
all the AD forests under it, and point saslauthd at that.

Jonathan

Follow-Ups:
- RE: Pass-Through authentication
  - From: "Paulo Jorge N. Correia (paucorre)" <paucorre@cisco.com>

References:
- Pass-Through authentication
  - From: "Paulo Jorge N. Correia (paucorre)" <paucorre@cisco.com>

Prev by Date: Re: Pass-Through authentication
Next by Date: Re: AIX as openldap client
Index(es):
- Chronological
- Thread