Sounds like a SASL2 pass-through solution could work, esp. if you can get an account there with query capabilities. I will look for some references that could get you started.
Chuck
Timothy Keith timothy.g.keith@gmail.com wrote:
We have limited access to the servers. Same company, different IT organization. Our LDAP requirement must be transparent to those servers. We want to inherit the LDAP directory information from the Unix servers - mostly the user ID and passwords, and add information that is needed by applications that our servers will manage.
Tim
On Fri, Dec 18, 2015 at 4:01 PM, Chuck Theobald chuckt@uoregon.edu wrote:
Details of your authn server would be helpful. Do you have access to the admins of that server? Are they cooperative?
I tried to set this up using SASL to communicate with the campus Active Directory. Reliability is a bit suspect; it will typically take 3-4 attempts to get a successful authentication. Also, the setup requires an account on AD that is capable of making queries. The particulars of our installation force me to use my own - not ideal.
Anyway, your situation may vary, so send us some details on what you are trying to talk to for authn.
Chuck
On 12/17/2015 04:32 PM, Timothy Keith wrote:
We are attempting to set up an LDAP server which will answer queries from an application. The database will contain metadata on a set of users in the application. The application will also query the server to authenticate the user’s password; however, this server will not house the password. That resides on another server, which our server will query. We do not have administrative rights to the other server.
The difficulty we are having now is setting up the pass-through authentication for the passwords. Any pointers on how to proceed with this would be greatly appreciated.
Regards,
Tim
--
Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345
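A sketch of the saslauthd-based pass-through setup discussed in this thread, added here as an illustration and not taken from any poster's configuration. Host names, DNs, the realm, file paths and the service account are placeholders, and the upstream directory is assumed to allow searches by a dedicated low-privilege account.

```conf
# --- 1. SASL config read by slapd (path varies, e.g. /etc/sasl2/slapd.conf) ---
# slapd must be built with --enable-spasswd for {SASL} password values to work.
# Hands plaintext password checks from slapd to the saslauthd daemon.
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

# --- 2. /etc/saslauthd.conf (start saslauthd with: -a ldap -O /etc/saslauthd.conf) ---
# This file holds a credential: keep it mode 0600, owned by the saslauthd user.
# Upstream password store (placeholder host); use TLS so passwords are not sent in clear.
ldap_servers: ldaps://upstream.example.com
ldap_tls_cacert_file: /etc/ssl/certs/upstream-ca.pem
ldap_tls_check_peer: yes
ldap_search_base: ou=people,dc=example,dc=com
# %U expands to the user part of "user@realm".
# Assumed attribute for a Unix directory; Active Directory would use (sAMAccountName=%U).
ldap_filter: (uid=%U)
# Dedicated search-only service account (placeholder), not a personal login.
ldap_bind_dn: cn=svc-saslauthd,ou=services,dc=example,dc=com
ldap_password: REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# --- 3. Entry on the local server (LDIF) ---
# Application metadata lives here; the password does not. The {SASL} value tells
# slapd to verify a simple bind by asking saslauthd about jdoe@EXAMPLE.COM.
dn: uid=jdoe,ou=people,dc=local,dc=example
objectClass: inetOrgPerson
cn: Jane Doe
sn: Doe
uid: jdoe
userPassword: {SASL}jdoe@EXAMPLE.COM
```

saslauthd can be checked on its own with `testsaslauthd` before slapd is pointed at it, which separates upstream connectivity problems from slapd configuration problems.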