On 04/22/15 20:08 +0000, Ross, Daniel B. wrote:
>
> OK, I have looked at a couple of options but I really don't know how to
> accomplish what I need to do.
>
> Here is what I am trying to do.
>
>
> I have a greater organization that is stuck on using Microsoft products
> namely Microsoft LDS. To make matters worse they present the data to my
> Linux servers in a completely non-standard way. It's driving my Solaris
> and Linux boxes nuts and they simply don't want to work with it.
>
> What I need to do is continue to use the campus usernames and passwords
> but present the data in a format that my Linux/Unix hosts can use. Is
> this possible?
>
> i.e. userid would still be samwise but instead of a bizarre
> OU=monkeypeople,dc=example,dc=com I want it to present as
> people,dc=example,dc=com.
>
> I looked at referral and aliasing but it does not seem to be doing what I
> am trying to do. Passthrough authentication looks close but I can't find
> sufficient documentation to actually configure a system to use it.

See slapo-rwm(5).

Pass-through is documented in section 14.5 of the Administrator's Guide:

http://www.openldap.org/doc/admin24/

Supporting Cyrus SASL documentation:

http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/

And /saslauthd/LDAP_SASLAUTHD within the Cyrus SASL source.

You'll find workable pass-through examples for authenticating to Exchange
in this list's archives as well as the Cyrus SASL list archives. The 'ldap'
and 'kerberos5' saslauthd backends should both be workable solutions.
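
An added example, not part of the original reply and not the OpenLDAP project's own configuration: a slapd.conf fragment that combines back-ldap with the slapo-rwm overlay mentioned above, so that local clients see the remapped naming context while simple binds are forwarded, with the bind DN rewritten, to the campus directory. The host name, module path and the `ou=people` virtual suffix are assumptions (the question writes the target as "people,dc=example,dc=com").

```conf
# slapd.conf fragment for a local OpenLDAP proxy in front of the campus LDS.
# Constructed example: the host name, module path and "ou=people" virtual
# suffix are assumptions, not values taken from the thread.

# Assumed location; this is distribution-specific.
modulepath  /usr/lib/ldap
moduleload  back_ldap
moduleload  rwm

database    ldap
# Naming context the Linux/Solaris clients are configured with.
suffix      "ou=people,dc=example,dc=com"
# The real directory. ldaps:// keeps forwarded bind passwords from crossing
# the network in clear text; certificate checking for this connection is
# set with the "tls" directive described in slapd-ldap(5).
uri         "ldaps://lds.example.com"
# Local hosts only search and bind through the proxy, so refuse writes.
readonly    on

overlay     rwm
# rwm-suffixmassage <virtual naming context> <real naming context>
# DNs in requests (including bind DNs) are rewritten virtual -> real,
# and DNs in results are rewritten real -> virtual.
rwm-suffixmassage "ou=people,dc=example,dc=com" "OU=monkeypeople,dc=example,dc=com"
```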