On 05/30/17 08:10 +0200, Ulrich Windl wrote:
Clément OUDOT clem.oudot@gmail.com wrote on 29.05.2017 at 20:43 in
message CAK_oV4-DYo6d=LgWnu7foGkYQ4n9mjHiDbmo1t9uGyJT5e8EFQ@mail.gmail.com:
2017-05-29 19:00 GMT+02:00 Dan White dwhite@cafedemocracy.org:
On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote:
I am in an environment where we use both OpenLDAP and Active Directory. All Linux servers authenticate against OpenLDAP where we have user group, unix group (...)
Pass-through authentication should work if you're performing simple binds. Chapter 14 of the admin guide has a good example.
You can also find a tutorial here: https://ltb-project.org/documentation/general/sasl_delegation
I have one question: Why is the AD admin account needed to authenticate? I see a problem with the AD admin password being stored in cleartext in the saslauthd configuration...
Here's a simpler approach that does not require storing a password:
https://www.openldap.org/lists/openldap-technical/201106/msg00198.html
This was tested against AD 2003. You may need to use ldaps with newer versions.
openldap-technical@openldap.org