On Mon, Jan 7, 2019 at 5:53 PM Dan White dwhite@cafedemocracy.org wrote:
On 01/07/19 16:18 -0500, vadud3@gmail.com wrote:
I am using openldap proxy today with ldap backend.
Any suggestions on how to use kerberos as the backend?
Here is my config (sanitized)
$ cat slapd.conf
### Database definition (Proxy to AD)
#########################################
database ldap readonly yes protocol-version 3 rebind-as-user yes uri "ldaps://ldap.example.com:1636" suffix "ou=People,dc=example,dc=net"
I'm not clear on where kerberos authentication fits scenario, but the two pieces of documentation to start with would be the slapo-ldap manpage, and the OpenLDAP Software 2.4 Administrator's Guide, section 14.5, and chapter 15.
If that doesn't adress your question, please provide more detail, including how your clients authenticate with the proxy server.
I do not see any slapo-ldap in my search for man page in openldap site http://www.openldap.org/software/man.cgi?query=slapo*&sektion=0&manp...
So on my client I like to point to kerberos proxy for authentication.
Today I am using ldap proxy with -H ldaps://127.0.0.1 and it works fine like below
ldapsearch -LLL -x -y ~/.ldap-pass -H ldaps://127.0.0.1 uid=foo
And under sssd ldap auth works fine like below
auth_provider = ldap ldap_uri = ldaps://127.0.0.1
I want to start using kerberos setting like below and start using kerberos for authentication
auth_provider = krb5 krb5_server = 127.0.0.1:88
But I do not have anything running on port 88
May be I am not understanding how to implement kerberos proxy.
Appreciate any help.