2015-04-24 19:02 GMT+02:00 Dan White dwhite@cafedemocracy.org:
On 04/22/15 20:08 +0000, Ross, Daniel B. wrote:
OK, I have looked at a couple of options but I really don't know how to accomplish what I need to do.
Here is what I am trying to do.
I have a greater organization that is stuck on using Microsoft products, namely Microsoft LDS. To make matters worse, they present the data to my Linux servers in a completely non-standard way. It's driving my Solaris and Linux boxes nuts and they simply don't want to work with it.
What I need to do is continue to use the campus usernames and passwords but present the data in a format that my Linux/Unix hosts can use. Is this possible?
I.e., userid would still be samwise, but instead of a bizarre OU=monkeypeople,dc=example,dc=com I want it to present as people,dc=example,dc=com.
I looked at referral and aliasing but it does not seem to be doing what I am trying to do. Passthrough authentication looks close but I can't find sufficient documentation to actually configure a system to use it.
See slapo-rwm(5).
Pass-through is documented in section 14.5 of the Administrator's Guide:
http://www.openldap.org/doc/admin24/
Supporting Cyrus SASL documentation:
http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/
and /saslauthd/LDAP_SASLAUTHD within the Cyrus SASL source.
You'll find workable pass-through examples for authenticating to Exchange in this list's archives as well as the Cyrus SASL list archives. The 'ldap' and 'kerberos5' saslauthd backends should both be workable solutions.
Hi,
You can also find documentation on SASL delegation here: http://ltb-project.org/wiki/documentation/general/sasl_delegation
Clément.
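
Added example (not part of the original thread and not written by any of the posters): a slapd.conf fragment showing the slapo-rwm suffix rewrite the question asks for, placed on a back-ldap proxy in front of the LDS server. The host name lds.example.com is a placeholder, and the target is assumed to be ou=people,dc=example,dc=com, since the question writes it as "people,dc=example,dc=com".

```conf
# slapd.conf fragment for OpenLDAP 2.4 (constructed example, values are assumptions)

# Only needed when back-ldap and rwm are built as dynamic modules.
moduleload      back_ldap
moduleload      rwm

# Proxy database: this is the naming context the Linux/Solaris clients see.
database        ldap
suffix          "ou=people,dc=example,dc=com"

# Placeholder for the upstream LDS server. Binds are forwarded to it, so the
# campus passwords are still verified there; ldaps:// keeps them off the wire
# in clear text between the proxy and the upstream server.
uri             "ldaps://lds.example.com"

# Rewrite DNs between the virtual (client-facing) and real (upstream) contexts.
# Syntax from slapo-rwm(5): rwm-suffixmassage [<virtual naming context>] <real naming context>
overlay         rwm
rwm-suffixmassage "ou=people,dc=example,dc=com" "OU=monkeypeople,dc=example,dc=com"
```

With this in place, bind and search DNs under the virtual suffix are rewritten to the real one before being sent upstream, and entry DNs in results are rewritten back. No passwords are stored on the proxy.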