Re: OpenLDAP Proxy for Active Directory Authentication



2013/6/12 Jason Brandt <jbrandt@fsmail.bradley.edu>:
> We run in a mixed environment, with both Active Directory and LDAP directory
> servers.  Some users exist in both LDAP and AD, while some are just in AD.
> As such, we always have obstacles with password sync between directories.
>
> Is it possible to set up an OpenLDAP proxy (if that's the correct term),
> which would authenticate via Active Directory if the user exists there (or
> if a flag is present in the LDAP entry, etc), otherwise via LDAP if the user
> is not an AD user, thereby eliminating the need to store the password in
> both directories?  Directory information would otherwise be pulled from the
> LDAP server, not from Active Directory.
>
>

You could use pass-through authentication with SASL. See
http://ltb-project.org/wiki/documentation/general/sasl_delegation

Clément.
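
Added example, not part of the original message or of the linked LTB documentation: with OpenLDAP's SASL pass-through, an entry is delegated by giving it a `userPassword` value of the form `{SASL}user@realm`, which serves as the per-entry flag asked about above. The Python script below audits an LDIF export to show which entries delegate, which keep a local hash, and which still hold both; the DNs, realm and hash strings are constructed sample data, and the function names are this example's own.

```python
import base64

def parse_ldif(text):
    """Map each DN to its userPassword values (simple LDIF, no line folding)."""
    entries, dn = {}, None
    for line in text.splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            dn = None if not line.strip() else dn   # blank line ends an entry
            continue
        if rest.startswith(":"):                    # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
            entries[dn] = []
        elif attr.lower() == "userpassword" and dn is not None:
            entries[dn].append(value)
    return entries

def classify(values):
    """'delegated' = only {SASL} values, 'local' = only stored hashes,
    'mixed' = both (a simple bind succeeds against any value, so a leftover
    local hash keeps working next to the delegation)."""
    sasl = [v for v in values if v.upper().startswith("{SASL}")]
    if sasl and len(sasl) < len(values):
        return "mixed"
    if sasl:
        return "delegated"
    return "local" if values else "none"

def audit(text):
    """Return {dn: classification} for every entry in the export."""
    return {dn: classify(vals) for dn, vals in parse_ldif(text).items()}

# Constructed sample export: DNs, realm and hash strings are placeholders.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "userPassword: {SASL}alice@EXAMPLE.ORG",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=org",
    "userPassword: {SSHA}constructed-hash",
    "",
    "dn: uid=carol,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(b"{SASL}carol@EXAMPLE.ORG").decode(),
    "userPassword: {SSHA}constructed-stale-hash",
])

if __name__ == "__main__":
    for dn, kind in audit(SAMPLE_LDIF).items():
        print(f"{kind:10} {dn}")
```

Entries reported as `mixed` are the ones to clean up if the goal is to stop storing the password in both directories.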