I'm implementing an LDAP server with OpenLDAP 2.1.25, OpenSSL, Cyrus SASL and Berkeley DB.
In my system I need to have all users' passwords in the LDAP server so that I can use a MetaDirectory to sync the passwords between OpenLDAP and Active Directory for Windows systems. But I'm only working on OpenLDAP for now.
When a login application (like FTP or SSH) authenticates a user, this must be done by the OpenLDAP server. I'm thinking of using PAM, but this is another problem, since Slackware doesn't support PAM, and Slackware is almost a "NEED" in this system. What I expect:
Login application -> PAM -> PAM/LDAP -> SSL/TLS -> SASL -> LDAP Server.
And what type of strong authentication can I use? I was thinking of MIT Kerberos, but this forces the clients to use "kinit" and the Kerberos changepassword functions, and this is not acceptable in my system since I don't have control over all clients.
I simply want an LDAP server with strong security that stores the users' passwords and that authenticates some Linux applications like Samba, FTP, SSH and mail.