2017-05-29 19:00 GMT+02:00 Dan White dwhite@cafedemocracy.org:
On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote:
I am in a environment where we use both OpenLDAP and Active Directory. All Linux servers authenticate against OpenLDAP where we have user group, unix group (...)
This means that if perform a BIND and a search, the BIND should be performed against the AD but the search result should from OpenLDAP. (anonymous search is fine)
The short username are used in in OpenLDAP like this:
uid=john01,ou=People,dc=example,dc=comWhile the AD uses the long username. From my test when binding to AD, only the "DN" is simply set to the username.
john.smith@example.comPass-through authentication should work if you're performing simple binds. Chapter 14 of the admin guide has a good example.
You can also find a tutorial here: https://ltb-project.org/documentation/general/sasl_delegation
Clément.