> Date: Wed, 15 Oct 2014 01:50:02 +0100
> From: hyc@symas.com
> To: jeflebo@outlook.com; openldap-technical@openldap.org
> Subject: Re: OpenLDAP as proxy to Active Directory backend
>
> Jeff Lebo wrote:
> > Goal: LDAP server in Internet facing DMZ to provide authentication for
> > externally hosted applications using internal AD credentials.
> >
> > I've done a LOT of reading and testing, and there is one thing I am still not
> > 100% clear on:
> >
> > Is it possible to do this WITHOUT having a local user database on the OpenLDAP
> > proxy? We will have thousands of users that will need to authenticate, and I
> > can't maintain another user database (adds, removes, etc..). Is there a way
> > to make OpenLDAP just act more like a reverse proxy and forward anything that
> > matches a specific domain on to the internal LDAP/AD server for password
> > verification?
>
> That's exactly what back-ldap does. A couple other posts have already pointed
> you to its manpage/documentation. Everything else mentioned so far (SASL
> passthrough) is misdirection.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>