Re: Use OpenLDAP for some users and as a proxy for another set of users?
- To: openldap-technical@openldap.org
- Subject: Re: Use OpenLDAP for some users and as a proxy for another set of users?
- From: Clément OUDOT <clement.oudot@savoirfairelinux.com>
- Date: Thu, 26 May 2016 21:58:34 +0200
- In-reply-to: <CAEUK8qpKj-VnUe7A6hULq1=5cK7MXGg_WuDNbtrSGZDERMxCpQ@mail.gmail.com>
- Organization: Savoir-Faire Linux
- References: <CAEUK8qpKj-VnUe7A6hULq1=5cK7MXGg_WuDNbtrSGZDERMxCpQ@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
On 26/05/2016 15:38, Siebrand Mazeland wrote:
> Hi. I'm a first time poster, new to OpenLDAP, and I have identified
> this list as the (hopefully) best place for my question.
> I have an Active Directory that contains accounts and groups for
> employees. Besides that, there is a group of around 1000 people that
> also need to be authenticated and authorized (based on group membership).
> I'm trying to assess if OpenLDAP can be used for a scenario to avoid
> Windows CAL license costs.
> Is it possible to administer and authenticate the non-employees in
> OpenLDAP, and proxy requests about users that are not found in
> OpenLDAP to an AD? The information needed by the applications using
> OpenLDAP would be UPN, sAMAccountName, email address and group
> membership of the authenticated users.
> If this can be accomplished with OpenLDAP, that would a) be very nice,
> and b) I would like you to explain this in brief here, and approach me
> off-list to help me accomplish this. If there's no ready-made recipe
> for this, and it can be done, I'm willing to publish the configuration
> so others can benefit from the work, too.
Hi,
I usually solve this kind of problem by syncing AD users in OpenLDAP with
LSC (http://www.lsc-project.org) and then use SASL delegation to
authenticate AD users (password is kept in AD):
http://ltb-project.org/wiki/documentation/general/sasl_delegation
Hope it helps,
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot
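
The SASL delegation (pass-through authentication) arrangement described in the reply could be configured as follows. This is an added example, not taken from the thread or from the LTB documentation; the host name, DNs, service account, CA file and file paths are placeholders, and it assumes slapd was built with {SASL} password support (--enable-spasswd) and saslauthd is started with the ldap mechanism (saslauthd -a ldap).

```conf
# --- /etc/saslauthd.conf (placeholder path) ---
# Keep this file mode 0600: it holds the AD bind password.
# The user's cleartext password is forwarded to AD, so use LDAPS and verify the certificate.
ldap_servers: ldaps://ad.example.com
ldap_tls_cacert_file: /etc/ssl/certs/ad-ca.pem
ldap_tls_check_peer: yes
# Low-privilege AD account that only needs to search for user entries.
ldap_bind_dn: CN=svc-saslauthd,OU=Service Accounts,DC=example,DC=com
ldap_bind_pw: CHANGE_ME
ldap_search_base: DC=example,DC=com
ldap_scope: sub
# %U is the user part of the identity handed over by slapd.
ldap_filter: (&(objectClass=user)(sAMAccountName=%U))

# --- Cyrus SASL settings for slapd (e.g. /etc/sasl2/slapd.conf; location varies by distribution) ---
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

# --- OpenLDAP entry for an employee synced from AD (LDIF fragment, other attributes omitted) ---
# No password hash is stored locally; a simple bind is delegated to saslauthd, which binds to AD.
dn: uid=jdoe,ou=employees,dc=example,dc=com
userPassword: {SASL}jdoe@EXAMPLE.COM

# --- OpenLDAP entry for a non-employee managed only in OpenLDAP (LDIF fragment) ---
# Authenticated locally by slapd; AD is never contacted for this user.
dn: uid=guest1,ou=external,dc=example,dc=com
userPassword: {SSHA}<hash generated by slappasswd>
```

The saslauthd half can be checked on its own with testsaslauthd before pointing slapd at it. Applications should bind to OpenLDAP over TLS as well, since simple binds carry the password in clear.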