We have limited access to the servers.  Same company, different IT organization.   Our LDAP requirement must be transparent to those servers. We want to inherit the LDAP directory information from the Unix servers - mostly the user Id and passwords, and add information that is needed  by applications that our servers will manage.

Tim

On Fri, Dec 18, 2015 at 4:01 PM, Chuck Theobald <chuckt@uoregon.edu> wrote:
Details of your authn server would be helpful. Do you have access to the admins of that server? Are they cooperative?

I tried to set this up using SASL to communicate with the campus Active Directory. Reliability is a bit suspect, it will typically take 3-4 attempts to get a successful authentication. Also, the setup requires an account on AD that is capable of making queries. The particulars of our installation force me to use my own - not ideal.

Anyway, your situation may vary, so send us some details on what you are trying to talk to for autn.

Chuck



On 12/17/2015 04:32 PM, Timothy Keith wrote:
We are attempting to set up an LDAP server which will answer queries
from an application. The database will contain metadata on a set of
users in the application. The application will also query the server
to authenticate the user’s password, however, this server will not
house the password. That resides on another server, which our server
will query.   We do not have administrative rights to the other
server.

  The difficulty we are having now is setting up the pass-through
authentication for the passwords. Any pointers in how to proceed with
this would be greatly appreciated.

Regards,

Tim



--
Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345