Yes, thanks, remoteauth worked. This is my second message on the same topic, sorry; moderation took long and I thought my message got lost.
On 2025-02-17 13:58, Ondřej Kuzník wrote:
On Sun, Feb 02, 2025 at 08:59:49AM -0000, alexey@filimonic.net wrote:
And for the mail system, I need to pull some of those users into a single OpenLDAP database (dc=internal), add some mail-system-specific attributes (that don't exist in the source ADs) and add pass-through authentication for them to the AD server where they belong. Like this:
dn: cn=jane.smith,ou=horns-and-hooves,dc=internal
mailQuota: 10
imapHost: imap1
mail: jane.smith@contoso.com
sourceOrg: horns-and-hooves

dn: cn=john.snow,ou=bells-and-whistles,dc=internal
mailQuota: 20
imapHost: imap2
mail: john.snow@contoso.com
sourceOrg: bells-and-whistles
I expect an algorithm like this: first, I manually create the users in the OpenLDAP directory, without passwords but with the correct attributes.
How the server determines whether a user is a horns-and-hooves user or a bells-and-whistles user: based on some attribute value (sourceOrg) or based on the DN (ou=horns-and-hooves,dc=internal vs ou=bells-and-whistles,dc=internal). I don't know if any of this is possible.
Does implementing this algorithm require SASLd, or can it be done with OpenLDAP only?
Could you please help me get this configuration done?
You might want to explore if the remoteauth overlay (maybe in combination with others?) could help you here. Unfortunately nothing specific comes to mind but others here might have dealt with something similar?
Regards,
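For readers landing on this thread with the same question, the following slapd.conf fragment is an added example of the setup described above (one local database, entries without passwords, bind forwarded to the AD of the organisation the entry belongs to). It is not configuration from the thread or from the OpenLDAP project; the directive names follow slapo-remoteauth(5) as the editor recalls them for OpenLDAP 2.5 and later, so check each one against the man page of your build before using it. The host names, the sourceOrg and adLogonName attributes, the schema that defines them, the module file name and the mail service DN are all assumptions.

```conf
# Added example, not from the original thread. Directive names as recalled
# from slapo-remoteauth(5) for OpenLDAP 2.5+; verify against your man page.
# Host names, attribute names (sourceOrg, adLogonName) and the schema that
# defines them are assumptions made for this example.

# Load the overlay if your build ships it as a module (assumed file name).
moduleload remoteauth.la

database  mdb
suffix    "dc=internal"
rootdn    "cn=admin,dc=internal"
directory /var/lib/ldap/internal

# The mail service account may read the mail attributes but never
# userPassword. Local user entries carry no userPassword at all: as the
# editor understands the overlay, a simple bind to an entry without a local
# password is what gets forwarded to the remote server.
access to attrs=userPassword
        by self =xw
        by anonymous auth
        by * none
access to *
        by dn.exact="cn=mailsvc,dc=internal" read
        by self read
        by * auth

overlay remoteauth

# Choose the remote AD from a per-entry attribute (the "sourceOrg" idea from
# the question) rather than from the position of the entry in the tree.
# Each mapping pairs a sourceOrg value with the URI of that organisation's AD.
remoteauth_domain_attribute sourceOrg
remoteauth_mapping horns-and-hooves   ldaps://dc1.horns-and-hooves.example
remoteauth_mapping bells-and-whistles ldaps://dc1.bells-and-whistles.example

# Attribute in the local entry that holds the name AD accepts in a simple
# bind, e.g. the userPrincipalName jane.smith@horns-and-hooves.example.
# (Assumed attribute name; it must exist in your local schema.)
remoteauth_dn_attribute adLogonName

# Entries with no sourceOrg value fall back to this mapping.
remoteauth_default_domain horns-and-hooves

# Verify the AD server certificate. The user's cleartext password travels
# over this connection, so never relax certificate checking here.
remoteauth_tls tls_reqcert=demand tls_cacert=/etc/ssl/certs/ad-root-ca.pem

# Do not cache a copy of the password locally: the ADs stay the only
# password store, and a disabled AD account stops working here immediately.
remoteauth_store no
remoteauth_retry_count 1
```

With this in place each local entry needs, in addition to the mail attributes, a sourceOrg value matching one of the remoteauth_mapping lines and an adLogonName value holding the account name AD will accept. To check a single user, bind as that user against the OpenLDAP server with the AD password, for example `ldapwhoami -H ldap://localhost -D cn=jane.smith,ou=horns-and-hooves,dc=internal -W`; it should succeed with the AD password and fail with any other, and the corresponding bind should show up in the logs of the AD named in the mapping for horns-and-hooves.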