[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Proxy Just Binds/Authentications from another LDAP?



Michael Ströder wrote:
Don Hoover wrote:
I also just configured saslauthd to have a ldap_servers, and
ldap_search_base only, since SASL is using username and password provided
through openldap to do the binds.

I guess in some ways I am doing a unique thing in that I am actually
proxying another real ldap server, and not doing active directory which so
many seem to be doing these days.

You could also use back-ldap together with slapo-rwm rewriting the bind
requests. This would avoid having to set userPassword value and running saslauthd.

Except that back-ldap will forward all requests to the remote server, not just Bind requests.

I've just added in CVS HEAD a simple extension to back-ldap to allow it to be used as an overlay that only forwards Bind requests. Have a look at that...

http://www.openldap.org/lists/openldap-commit/201002/msg00003.html
http://www.openldap.org/lists/openldap-commit/201002/msg00004.html

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/