[Date Prev][Date Next]
Proxy Just Binds/Authentications from another LDAP?
- To: firstname.lastname@example.org
- Subject: Proxy Just Binds/Authentications from another LDAP?
- From: Don Hoover <email@example.com>
- Date: Tue, 2 Feb 2010 08:57:51 -0800 (PST)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1265129871; bh=lGHM19ijxsRvzvMYqkQJ9VWmkbZfx1YEA5E3Z+O+tT4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=FoL3xvjpMijawLBKMd6VUSG/JRJ3b4e2Fb1cCF9OGilQywXA3nf2sYO9RjBgQU6Vkgfet3d5mVwCdIM8hYJwSsCX0W1JlhTCJIrvyBhjgfj3eo/Ni/chSghAUH32FHjfWUwgeW8ej+wdQOePtFyyE9TrzWUJi6oQNaM6UNXSd1o=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=j/N5lTZLPvRCuaQ8wIW+H8wOdt1i51pqpXLVjnH/PC8bkin2e+o++oXrINarFAVQhDTDqEzTkkWr54lwNDG4gHx4g5YJHnwFd54kQVeal9wKfSaJFwGjAyIoMv+DvdjYulwHGKRx3r7ol0dRybgWnAXxsEMM+K3Qm769E9ks1oc=;
I have been reading how to use slapd-ldap, and one thing that is not clear is if its possible just to proxy bind's.
I have a LDAP directory that has all the unix posix accounts info in it for our users, but we have another LDAP server that has all the applications info and passwords for the users and is what should be doing all the actual authentication.
What I would like to do is let the NIX systems get their unix account data from our LDAP server(/etc/passwd data etc), but proxy the bind requests generated from the user logins to the other LDAP server for authentication from the LDAP server that the system is pointed at for the posix account data.
Is it possible just to force regular bind requests only to the other LDAP server and use that to authenticate our users?
Most of the examples I have seen are all about using the proxy features of slapd-ldap to provide the actual data from the other LDAP server seamlessly, and not really for using that backed proxied LDAP server to just authenticate the binds.