On Mon, 25 Feb 2019 13:34:45 -0800, N6Ghost n6ghost@gmail.com wrote:
hi all,
I am trying to set up an OpenLDAP proxy to AD and I need to use SUSE Enterprise Linux 12.
Hostname:/etc/openldap # rpm -qa|grep -i openldap
openldap2-2.4.41-18.43.1.x86_64
openldap2-client-2.4.41-18.43.1.x86_64
What I am trying to do is proxy an application (with thousands of users) from talking directly to AD to talking to OpenLDAP, and then have OpenLDAP talk to AD. Looking across the net there is a bunch of stuff, but most of it does not seem to apply, or work. Looking at the official doc, it says to use SASL, but you must have a local entry with a {SASL} tag on the user; that's not really ideal and would make a huge problem. A few of the posts online just said pointing to AD via LDAP is possible? And this application also has a group lookup as part of its auth process, e.g. only members of groupX can access....
any help in this would be huge.
It seems I am mixing up a few different ways of doing this. What's the best way to do this?
I presume you are running slapd with the slapd-ldap(5) backend. AD requires non-standard attribute types, which OpenLDAP does not provide. Include the AD schema files into slapd. RFC 4513 requires SASL for strong binds; if your AD is set up as a KDC you may include the OpenLDAP services as Kerberos host and service principals.
-Dieter
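As an added illustration of the setup Dieter describes (a slapd.conf fragment written for this page, not code from either poster or from the OpenLDAP project), here is a back_ldap proxy in front of AD in the slapd.conf style that OpenLDAP 2.4 on SLES 12 uses. The hostnames, suffix, service-account DN and file paths are assumptions; the AD OIDs come from Microsoft's published schema and should be verified against the schema partition of the forest in question before use.

```conf
# /etc/openldap/slapd.conf (fragment; file layout is an assumption)

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# AD attribute types that the standard schema lacks. Without them slapd
# cannot build entries carrying sAMAccountName/memberOf and the group
# check on the application side fails. Assumed file, minimal content:
#   attributetype ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName'
#       EQUALITY caseIgnoreMatch
#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
#   attributetype ( 1.2.840.113556.1.2.102 NAME 'memberOf'
#       EQUALITY distinguishedNameMatch
#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION )
#   attributetype ( 1.2.840.113556.1.4.656 NAME 'userPrincipalName'
#       EQUALITY caseIgnoreMatch
#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# The AD object classes (user, group, ...) need definitions as well.
include /etc/openldap/schema/ad-extra.schema

moduleload back_ldap
moduleload rwm

# Only the proxy database; nothing is stored locally, so there is no
# per-user {SASL} entry to maintain.
database        ldap
suffix          "dc=example,dc=com"
rootdn          "cn=proxyadmin,dc=example,dc=com"

# Two domain controllers over LDAPS; libldap fails over in order.
# The CA that signed the DC certificates must be trusted via
# TLS_CACERT in /etc/openldap/ldap.conf, since back_ldap is a libldap client.
uri             "ldaps://dc1.ad.example.com ldaps://dc2.ad.example.com"

# AD answers with referrals for other naming contexts; do not follow them.
chase-referrals no

# A simple bind from the application is forwarded to AD as the same DN
# and password, so authentication is still decided by AD. Searches that
# arrive anonymously (or before the bind) run as a low-privilege service
# account instead of anonymously. mode=none: bind as that account and do
# not assert a proxied identity, which AD does not support anyway.
idassert-bind   bindmethod=simple
                binddn="cn=svc-ldapproxy,ou=Service Accounts,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=none
idassert-authzFrom "*"

# After a user has bound through the proxy, keep using that identity for
# the connection rather than the service account.
rebind-as-user  yes

# Drop idle connections to the DCs so stale sessions are not reused.
conn-ttl        300
network-timeout 5

# Frontend ACL: the DCs enforce the real authorization on each operation.
access to * by * read

# Expected application query through the proxy (same filter it would have
# sent to AD directly; hypothetical group DN):
#   ldapsearch -H ldap://proxy.example.com -x \
#     -D "CN=jdoe,OU=Users,DC=example,DC=com" -W \
#     -b "dc=example,dc=com" \
#     '(&(objectClass=user)(sAMAccountName=jdoe)(memberOf=CN=groupX,OU=Groups,DC=example,DC=com))' \
#     sAMAccountName memberOf
```

Two things to check before putting this in front of a few thousand users: confirm with `ldapsearch` against the proxy that `memberOf` actually comes back in the entry (if it is missing, the schema include is the first suspect), and keep the service account in `idassert-bind` limited to read access on the OUs the application needs, since every unauthenticated query through the proxy runs under it. If the application instead expects its own suffix, `overlay rwm` with `rwm-suffixmassage` can rewrite DNs between the two trees without touching the AD side.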