Re: Ldap challenge

[Dan White <dwhite@cafedemocracy.org>]

On 04/22/15 20:08 +0000, Ross, Daniel B. wrote:
> Ok I have looked a couple options but I really dont know how to accomplish
> what I need to do.
>
> Here is what I am trying to do.
>
>
> I have a greater organization that is stuck on using Microsoft products
> namely Microsoft LDS.   To make matters worse they present the data to my
> linux servers in a completely non-standard way.   Its driving my solaris
> and linux box nuts and they simply dont want to work with it.
>
> What i need to do is continue to use the campus usernames and passwords
> but present the Data in a format that my linux/unix hosts can use.  Is
> this possible?
>
> i.e.  userid would still be samwise but instead of a bizzarre
> OU=monkeypeople,dc=example,dc=com I want it to present as
> people,dc=example,dc=com.
>
> I looked at referral and aliasing but it does not seem to be doing what I
> am trying to do.  Passthrough authentication looks close but I cant find
> sufficient documentation to actually configure a system to use it.

See slapo-rwm(5).

Pass-through is documented in section 14.5 of the Administrator's Guide:

http://www.openldap.org/doc/admin24/

Supporting Cyrus SASL documentation:

http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/
And /saslauthd/LDAP_SASLAUTHD within the Cyrus SASL source.

You'll find workable pass-through examples for authenticating to Exchange
in this list's archives as well as the Cyrus SASL list archives. The 'ldap'
and 'kerberos5' saslauthd backends should both be workable solutions.

--
Dan White