-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 15/11/2010, at 04:59, Paulo Jorge N. Correia (paucorre) wrote:
Hi all,
I'm just starting with openLDAP and saslauth, and I'm trying to replicate what I can achieve with ADAM/AD LDS in Windows platform.
I'm trying to use openldap to aggregate user information from several AD servers under different forests.
So single point of contact from an LDAP perspective for an organization, and then openldap should pass-through the authentication request that receives to the AD DC of the respective user.
This works well with saslauthd for a single domain, but if I need to do this with multiple domains, I don't know how to configure saslauthd.
Windows, and AD utilise kerberos. Just treat your AD servers as KRB5 realms, and it works. both MIT and Hemidal can work with this, so following the passthrough instructions for these will work
Alternatively, you can use AD as an ldap server, but it follows much the same principals.
http://www.openldap.org/doc/admin24/security.html
Can someone help ?
Thank you,
Paulo
William Brown
pgp.mit.edu