Michael Ströder wrote:
Don Hoover wrote:
I also just configured saslauthd to have a ldap_servers, and ldap_search_base only, since SASL is using username and password provided through openldap to do the binds.
I guess in some ways I am doing a unique thing in that I am actually proxying another real ldap server, and not doing active directory which so many seem to be doing these days.
You could also use back-ldap together with slapo-rwm rewriting the bind requests. This would avoid having to set userPassword value and running saslauthd.
Except that back-ldap will forward all requests to the remote server, not just Bind requests.
I've just added in CVS HEAD a simple extension to back-ldap to allow it to be used as an overlay that only forwards Bind requests. Have a look at that...
http://www.openldap.org/lists/openldap-commit/201002/msg00003.html http://www.openldap.org/lists/openldap-commit/201002/msg00004.html