--On Tuesday, February 11, 2025 6:47 AM -0500 Dino Edwards dino.edwards@mydirectmail.net wrote:
Trying to get pass-through authentication working; however, I'm running into the following error in OpenLDAP:
Is the system it's supposed to auth against another LDAP server? If so, I
would recommend slapo-remoteauth instead:
Hi, thanks for replying.
Yes, the plan is to auth against AD. I didn't even know about remoteauth, which looks much simpler to implement. The problem I'm facing is that I'm attempting to utilize the bitnami openldap container to accomplish this, and the documentation you pointed to talks about editing the slapd.conf file, which the bitnami container does not utilize. Instead it utilizes the dynamic runtime configuration engine for config flexibility, which requires an LDIF database instead. I'm not familiar enough with openldap to configure that.
I would suggest you start with a local installation and then adapt the container configuration from there.
But here's an example for cn=config; you'd probably have to adjust it for your own environment.
dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldaps://ad.example.com:636
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ldaps://ad.example.com:636
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3
--Quanah
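As an added example (not part of the thread, and not code from the OpenLDAP project), the following script renders a slapo-remoteauth overlay entry for cn=config from a few parameters and refuses to emit it unless the olcRemoteAuthTLS options actually verify the AD server's certificate. With tls_reqcert=never, as in the example above, slapd accepts any certificate on the outbound connection, so a user's bind password would be forwarded to whatever answers at that address; requiring a CA file and tls_reqcert=demand closes that. Assumptions: the database is olcDatabase={2}mdb and {6} is the next free overlay index (as in Quanah's entry), the CA path and AD host are placeholders, and the tls_* keywords are applied to the ldaps:// connection the same way syncrepl applies them (so starttls is left out because the ldaps URI already negotiates TLS on connect).

```shell
#!/bin/sh
# Example script (not from the mailing-list thread): build the remoteauth
# overlay entry for cn=config, check its TLS options, and show how it would
# be loaded over ldapi:/// with an EXTERNAL bind.
set -eu

# Print the LDIF entry on stdout.
# $1 = overlay index, $2 = database RDN, $3 = AD URI, $4 = TLS option string
remoteauth_ldif() {
    idx=$1; db=$2; uri=$3; tls=$4
    cat <<EOF
dn: olcOverlay={${idx}}remoteauth,${db},cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {${idx}}remoteauth
olcRemoteAuthTLS: ${tls}
olcRemoteAuthMapping: default ${uri}
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ${uri}
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3
EOF
}

# Return 0 only if the TLS option string pins the peer to a known CA.
# tls_reqcert=never or allow lets the bind proceed with an unverified
# certificate; we also insist on an explicit tls_cacert or tls_cacertdir
# (conservative choice: do not rely on whatever the system store contains).
tls_verifies_peer() {
    case " $1 " in
        *" tls_reqcert=never "*|*" tls_reqcert=allow "*) return 1 ;;
    esac
    case " $1 " in
        *" tls_cacert="*|*" tls_cacertdir="*) return 0 ;;
    esac
    return 1
}

main() {
    # Placeholder values; adjust for your environment.
    uri="ldaps://ad.example.com:636"
    tls="tls_cacert=/etc/ssl/certs/ad-ca.pem tls_reqcert=demand"
    if ! tls_verifies_peer "$tls"; then
        echo "refusing: olcRemoteAuthTLS does not verify the AD certificate" >&2
        return 1
    fi
    out="${TMPDIR:-/tmp}/remoteauth.ldif"
    remoteauth_ldif 6 'olcDatabase={2}mdb' "$uri" "$tls" > "$out"
    echo "wrote $out; load it with:"
    echo "  ldapadd -Y EXTERNAL -H ldapi:/// -f $out"
}

main "$@"
```

The ldapadd line is printed rather than executed so the script can be reviewed first; in the bitnami image the same entry would be loaded through whatever mechanism the container uses for custom LDIF, which this example does not assume.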