On Fri, 13 Feb 2009 16:54:36 +0700, "Duong Pham Tung" duongpt3@fpt.com.vn wrote:
Hi,
Hi,
I am building a solution for web-based application authentication using OpenLDAP as a backend data source. But, in my case, OpenLDAP acts as a proxy and all user information is stored on AD servers. I can get some fields from AD to OpenLDAP, but it is not enough for my apps to authenticate users because OpenLDAP can't get the password field from the ADs. So, does OpenLDAP have other solutions to solve my problem?
OpenLDAP can delegate authentication to another LDAP server, using a SASL mechanism. In practice, in your LDAP account information on server A, you have some information in your password field that tells OpenLDAP how it can replay user authentication on another LDAP server B. This works perfectly with Active Directory. You have to compile OpenLDAP with cyrus-sasl.
Maybe it can solve your problem.
Cheers, Thomas.
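
The setup described in the reply above, written out as an added example that is not part of the original message. It assumes saslauthd's `ldap` backend as the SASL piece; host names, DNs, file locations and the sample account are constructed placeholders.

```conf
# --- Build requirement (assumption: building from source) ---
# OpenLDAP must be configured with Cyrus SASL support and {SASL} password
# verification:  ./configure --with-cyrus-sasl --enable-spasswd

# --- Cyrus SASL settings for slapd ---
# File location varies by distribution, e.g. /usr/lib/sasl2/slapd.conf
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

# --- /etc/saslauthd.conf (read by: saslauthd -a ldap -r) ---
# saslauthd receives the cleartext password from slapd and replays it as a
# bind against AD, so use ldaps:// (or StartTLS) on this hop.
ldap_servers: ldaps://dc1.ad.example.com/
ldap_search_base: cn=Users,dc=ad,dc=example,dc=com
ldap_filter: (userPrincipalName=%u)
# Dedicated low-privilege AD account used only to search for the user entry.
ldap_bind_dn: cn=saslauthd,cn=Users,dc=ad,dc=example,dc=com
# Placeholder value; keep this file readable by root only (chmod 600).
ldap_password: CHANGE_ME

# --- Entry on the OpenLDAP side (server A), LDIF ---
# The password field holds no hash, only a pointer telling slapd to hand
# the bind password to SASL for verification against AD (server B).
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
userPassword: {SASL}jdoe@ad.example.com

# --- Checks, run in this order ---
# 1. saslauthd can verify the AD password on its own:
#      testsaslauthd -u jdoe@ad.example.com -p 'the-AD-password'
# 2. A simple bind to OpenLDAP succeeds with the AD password:
#      ldapwhoami -x -ZZ -H ldap://ldap.example.com \
#                 -D uid=jdoe,ou=People,dc=example,dc=com -W
#    (-ZZ requires StartTLS, since the simple bind carries the password
#    in clear between the application and OpenLDAP.)
```

The web application only ever binds to OpenLDAP; no AD password hash is copied or stored there, so the password field never needs to be readable from AD.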