Thank you. Can I ask how you got info about this overlay? This is not even mentioned in the Admin Guide at all.
On 2025-02-06 23:54, Quanah Gibson-Mount wrote:
--On Tuesday, February 4, 2025 8:41 PM +0300 "Alexey D. Filimonov" alexey@filimonic.net wrote:
My goal is to [manually] maintain a database of users using an OpenLDAP directory, with some set of attributes and values. All of those users have their second accounts in different external LDAP directories (2 directories). For those users, I want the OpenLDAP server to pass through simple_bind authentication to one of those directories.
When I manually create a user in the OpenLDAP directory, I want to specify `backend keys` in some attributes that will tell the OpenLDAP server how to process the user's simple_bind authentication. For example, I can specify some sort of attributes like `backendRealm = ActiveDirectory1` and `mail = jack@contoso.com` to tell OpenLDAP to look up the object DN on servers from group `ActiveDirectory1` with a `mail=jack@contoso.com` filter and try to simple_bind against one server from group `ActiveDirectory1` using the DN it found and the password the user provided originally.
DNs of all users are not even partially equal between directories. Suffixes are different too. All OpenLDAP users and attributes are maintained manually, without proxying (except authentication).
Please help me: can I do this somehow using OpenLDAP? Can I do this without using SASLD?
Have you read up on slapo-remoteauth?
--Quanah