[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: openldap-technical Digest, Vol 67, Issue 12
It's been awhile since I've messed with this but this sounds like a classic directory chaining or LDAP referral, where
the LDAP client does not find the user and automatically refers the client to the directory having the entry.
============================
Message: 1
Date: Wed, 12 Jun 2013 09:20:56 -0500
From: Jason Brandt <jbrandt@fsmail.bradley.edu>
To: openldap-technical@openldap.org
Subject: OpenLDAP Proxy for Active Directory Authentication
Message-ID:
<CAJ-t26o1=bEWUuv4xeveTNG37jqD-hWCoGbSpofU4fCiywAiiw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
We run in a mixed environment, with both Active Directory and LDAP
directory servers. Some users exist in both LDAP and AD, while some are
just in AD. As such, we always have obstacles with password sync between
directories.
Is it possible, to set up an OpenLDAP proxy (if that's the correct term),
which would authenticate via Active Directory if the user exists there (or
if a flag is present in the LDAP entry, etc), otherwise via LDAP if the
user is not an AD user, thereby eliminating the need to store the password
in both directories? Directory information would otherwise