As I said, you'll need to adjust for your environment. You also will likely need to moduleload the remoteauth overlay.
Thanks, I appreciate you taking the time to assist. Trying to wrap my head around all this. The olcRemoteAuthDNAttribute: seeAlso, is that an attribute that's supposed to be present in my LDAP structure?
The documentation is not very clear on this. Let's say I need to authenticate against an AD domain with the following settings over 389 or 636:
Domain server: dc01.domain.tld
What exactly do I need to put in the remoteauth.ldif file?
I have the following, but it's not even trying to authenticate with the remote server. It simply fails auth. I have added the user in OpenLDAP with the userPassword value empty:
dn: cn=module{2},cn=config
objectClass: olcModuleList
# the naming attribute must carry the same value as the RDN in the dn line
cn: module{2}
olcModulePath: /opt/bitnami/openldap/lib/openldap
olcModuleLoad: remoteauth.so

dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldap://dc01.domain.tld:389
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ldap://dc01.domain.tld:389
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3
Thanks
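As an added example, not code from this thread or from the OpenLDAP project, here is a small Python checker that parses an LDIF of the kind quoted above and flags the things a reviewer would look at first: an RDN that does not match the entry's naming attribute, a default domain with no olcRemoteAuthMapping line, plaintext ldap:// realms without starttls, certificate verification switched off, and remote password caching. The attribute names are those documented in slapo-remoteauth(5); the sample LDIF is a constructed copy of the one quoted in the question, with its original cn mismatch left in so the check has something to find.

```python
import re

# Constructed sample modelled on the LDIF quoted in the thread (not the poster's file).
SAMPLE_LDIF = """\
dn: cn=module{2},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /opt/bitnami/openldap/lib/openldap
olcModuleLoad: remoteauth.so

dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldap://dc01.domain.tld:389
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ldap://dc01.domain.tld:389
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3
"""


def parse_ldif(text):
    """Parse plain LDIF into [{'dn': str, 'attrs': {name: [values]}}].

    Handles folded continuation lines (leading space) and '#' comments;
    base64 ('::') and URL (':<') values are out of scope for this check.
    """
    entries, cur = [], None
    for raw in re.sub(r"\n ", "", text).splitlines():   # unfold continuations
        line = raw.rstrip()
        if not line:                                     # blank line ends an entry
            if cur is not None:
                entries.append(cur)
                cur = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "dn":
            if cur is not None:
                entries.append(cur)
            cur = {"dn": value, "attrs": {}}
        elif cur is not None:
            cur["attrs"].setdefault(name, []).append(value)
    if cur is not None:
        entries.append(cur)
    return entries


def check_remoteauth_config(text):
    """Return a list of human-readable findings for a remoteauth cn=config LDIF."""
    findings = []
    for entry in parse_ldif(text):
        dn, attrs = entry["dn"], entry["attrs"]

        # 1. The RDN value must be present in the entry's naming attribute,
        #    otherwise ldapadd rejects the entry (naming violation).
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        if rdn_attr in attrs and rdn_val not in attrs[rdn_attr]:
            findings.append(f"{dn}: RDN value '{rdn_val}' does not match "
                            f"{rdn_attr} value(s) {attrs[rdn_attr]}")

        if "olcRemoteAuthCfg" not in attrs.get("objectClass", []):
            continue

        # 2. Every mapping is '<domain> <realm-uri>'; the default domain needs one.
        mappings = {}
        for m in attrs.get("olcRemoteAuthMapping", []):
            parts = m.split(None, 1)
            if len(parts) != 2:
                findings.append(f"{dn}: malformed olcRemoteAuthMapping '{m}'")
            else:
                mappings[parts[0]] = parts[1]
        default_domain = attrs.get("olcRemoteAuthDefaultDomain", [None])[0]
        if default_domain and default_domain not in mappings:
            findings.append(f"{dn}: default domain '{default_domain}' has no mapping")

        # 3. Transport: plaintext ldap:// needs STARTTLS, and the remote server's
        #    certificate should be verified, since the user's password crosses this link.
        tls = attrs.get("olcRemoteAuthTLS", [""])[0]
        realms = list(mappings.values()) + attrs.get("olcRemoteAuthDefaultRealm", [])
        for uri in realms:
            if uri.startswith("ldap://") and "starttls=yes" not in tls:
                findings.append(f"{dn}: realm {uri} is plaintext and starttls=yes is not set")
        if "tls_reqcert=never" in tls:
            findings.append(f"{dn}: tls_reqcert=never disables remote certificate verification")

        # 4. Caching the remote password locally widens the blast radius of a DIT leak.
        if attrs.get("olcRemoteAuthStore", ["FALSE"])[0].upper() == "TRUE":
            findings.append(f"{dn}: olcRemoteAuthStore TRUE caches remote passwords locally")
    return findings


if __name__ == "__main__":
    for f in check_remoteauth_config(SAMPLE_LDIF):
        print("-", f)
```

Run against the sample it reports the cn/RDN mismatch in the module entry and the tls_reqcert=never setting; with those two lines corrected it reports nothing, which is the state to aim for before testing the bind against dc01.domain.tld.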