
Re: Pass-Through authentication




On 15/11/2010, at 04:59, Paulo Jorge N. Correia (paucorre) wrote:

> Hi all,
> 
> I'm just starting with openLDAP and saslauth, and I'm trying to
> replicate what I can achieve with ADAM/AD LDS on the Windows platform.
> 
> 
> 
> I'm trying to use openldap to aggregate user information from several AD
> servers under different forests.
> 
> 
> 
> So single point of contact from an LDAP perspective for an organization,
> and then openldap should pass through the authentication request that it
> receives to the AD DC of the respective user.
> 
> 
> 
> This works well with saslauthd for a single domain, but if I need to do
> this with multiple domains, I don't know how to configure saslauthd.

Windows and AD utilise Kerberos. Just treat your AD servers as KRB5 realms, and it works. Both MIT and Heimdal can work with this, so following the passthrough instructions for these will work.

Alternatively, you can use AD as an LDAP server, but it follows much the same principles.

http://www.openldap.org/doc/admin24/security.html



> 
> 
> 
> Can someone help ?
> 
> 
> 
> Thank you,
> 
> Paulo
> 

William Brown

pgp.mit.edu
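
The multi-realm setup suggested in the reply above, sketched as an added configuration example that is not part of the original post or of the OpenLDAP documentation. The realm names, KDC hostnames, DNs and file locations are constructed placeholders, and it assumes saslauthd's `kerberos5` backend honours the realm part of `user@REALM`.

```conf
# --- /etc/krb5.conf: one [realms] entry per AD forest (names are constructed) ---
[libdefaults]
    default_realm = FOREST-A.EXAMPLE
    dns_lookup_kdc = false

[realms]
    FOREST-A.EXAMPLE = {
        kdc = dc1.forest-a.example
    }
    FOREST-B.EXAMPLE = {
        kdc = dc1.forest-b.example
    }

[domain_realm]
    .forest-a.example = FOREST-A.EXAMPLE
    .forest-b.example = FOREST-B.EXAMPLE

# --- sasl2/slapd.conf: Cyrus SASL settings read by slapd (directory and socket
#     path vary by distribution; the values here are assumptions) ---
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

# --- saslauthd started with the Kerberos 5 backend ---
#   saslauthd -a kerberos5

# --- LDIF: each entry's userPassword names the principal, and so the realm,
#     that the bind password is checked against (entries are constructed) ---
dn: uid=alice,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SASL}alice@FOREST-A.EXAMPLE

dn: uid=bob,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SASL}bob@FOREST-B.EXAMPLE
```

slapd must be built with `--enable-spasswd` for the `{SASL}` scheme to be recognised. Simple binds carry the cleartext password to slapd, so the LDAP listener should require TLS.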


