David Cunningham wrote:
Hello,
I would like to configure slapd.conf to proxy requests to an AD server.
1.) I want SLAPD to always connect to this AD server as a specific user
2.) I want SLAPD to run all queries including searches against this AD server using the defined user.
3.) I want clients connecting to SLAPD to query AD to be authenticated by revokable client certificate only. If the connecting client has a valid certificate that matches a CA, then its LDAP query is allowed and proxied to Active Directory.
4.) The client should also be able to rebind as user after doing a user DN search (to verify username/password).
Does that make sense?
Sure. Read the slapd-ldap(5) manpage for 1 and 2. Read slapd.conf(5) for 3.
4 doesn't make sense after already authenticating via 3 but sure, you can do it.
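
A slapd.conf sketch of the setup discussed above, using directives from slapd.conf(5) and slapd-ldap(5). This is an added example, not configuration posted by either participant. The hostname, suffix, service-account DN, password and file paths are placeholders, and the use of OpenSSL (for TLSCRLCheck) is an assumption.

```conf
# Added example; every hostname, DN, path and password below is a placeholder.

# Point 3: require a client certificate issued by the trusted CA.
# See slapd.conf(5).
TLSCACertificateFile   /etc/openldap/certs/ca.pem
# TLSCRLCheck (OpenSSL builds only) needs a hashed directory that holds
# the CA certificate and its current CRL, so revoked certificates are refused.
TLSCACertificatePath   /etc/openldap/certs/ca-and-crl
TLSCertificateFile     /etc/openldap/certs/proxy.pem
TLSCertificateKeyFile  /etc/openldap/certs/proxy.key
TLSVerifyClient        demand
TLSCRLCheck            peer
# Refuse operations on connections that are not protected by TLS,
# otherwise a plain ldap:// client never reaches the certificate check.
security               tls=128

# Points 1 and 2: proxy to AD and run operations as one service account.
# See slapd-ldap(5).
database        ldap
suffix          "dc=example,dc=com"
uri             "ldaps://ad.example.com"
# mode=none: no proxyAuthz control is sent, the proxy acts as binddn.
# flags=override: keep acting as binddn even after a client has bound
# as a user through the proxy (point 4).
idassert-bind   bindmethod=simple
                binddn="cn=svc-ldap-proxy,cn=Users,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=none
                flags=override
                tls_cacert=/etc/openldap/certs/ad-ca.pem
# Which local identities may use the service account. "*" allows all
# clients; here the client-certificate check above is the gate.
idassert-authzFrom "*"

# Point 4: no extra directive. back-ldap forwards a client's simple bind
# to the AD server, so the username/password check is done by AD itself.
```

Keep the file readable only by the slapd user, since it contains the service-account password, and refresh the CRL in the hashed directory before it expires.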