[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ldap challenge

To: Clément OUDOT <clem.oudot@gmail.com>, Dan White <dwhite@cafedemocracy.org>
Subject: Re: Ldap challenge
From: "Ross, Daniel B." <daniel.ross@emory.edu>
Date: Mon, 27 Apr 2015 13:48:55 +0000
Accept-language: en-US
Authentication-results: openldap.org; dkim=none (message not signed) header.d=none;
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-language: en-US
In-reply-to: <CAK_oV4_0CaYVg5T2oXnsUOqko4iCmvb6ikXfA+6CgnWJGyRMuw@mail.gmail.com>
References: <1429733256070.64524@emory.edu> <20150424170230.GJ3831@dan.olp.net>, <CAK_oV4_0CaYVg5T2oXnsUOqko4iCmvb6ikXfA+6CgnWJGyRMuw@mail.gmail.com>
Thread-index: AQHQfTdOdMk4JHX/UU6mwNCpv7w4051cZniAgAAgj4CABF9eEA==
Thread-topic: Ldap challenge

Will any of this work with the secure 636 connection with TLS?   Thats what I have to connect using.  Its not a port 389 connection.   I saw this documentation before but couldn't find anything that said it work over 636.  
For further consideration,  I also don't have kerberos nor do I have the availability to install anything on a windows system that is bound to the domain, as that is forbidden.  They would have to control the system and would then not allow anything to be installed on it.
Daniel

Operating Systems Analyst/Development, Lead
Rollins School of Public Health at Emory University
404-727-9931
Daniel.ross@emory.edu

________________________________________
From: Clément OUDOT <clem.oudot@gmail.com>
Sent: Friday, April 24, 2015 2:59 PM
To: Dan White
Cc: Ross, Daniel B.; openldap-technical@openldap.org
Subject: Re: Ldap challenge

2015-04-24 19:02 GMT+02:00 Dan White <dwhite@cafedemocracy.org>:
> On 04/22/15 20:08 +0000, Ross, Daniel B. wrote:
>>
>> Ok I have looked a couple options but I really dont know how to accomplish
>> what I need to do.
>>
>> Here is what I am trying to do.
>>
>>
>> I have a greater organization that is stuck on using Microsoft products
>> namely Microsoft LDS.   To make matters worse they present the data to my
>> linux servers in a completely non-standard way.   Its driving my solaris
>> and linux box nuts and they simply dont want to work with it.
>>
>> What i need to do is continue to use the campus usernames and passwords
>> but present the Data in a format that my linux/unix hosts can use.  Is
>> this possible?
>>
>> i.e.  userid would still be samwise but instead of a bizzarre
>> OU=monkeypeople,dc=example,dc=com I want it to present as
>> people,dc=example,dc=com.
>>
>> I looked at referral and aliasing but it does not seem to be doing what I
>> am trying to do.  Passthrough authentication looks close but I cant find
>> sufficient documentation to actually configure a system to use it.
>
>
> See slapo-rwm(5).
>
> Pass-through is documented in section 14.5 of the Administrator's Guide:
>
> http://www.openldap.org/doc/admin24/
>
> Supporting Cyrus SASL documentation:
>
> http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/
> And /saslauthd/LDAP_SASLAUTHD within the Cyrus SASL source.
>
> You'll find workable pass-through examples for authenticating to Exchange
> in this list's archives as well as the Cyrus SASL list archives. The 'ldap'
> and 'kerberos5' saslauthd backends should both be workable solutions.


Hi,

you can also find a documentation on  SASL delegation here:
http://ltb-project.org/wiki/documentation/general/sasl_delegation


Clément.

References:
- Ldap challenge
  - From: "Ross, Daniel B." <daniel.ross@emory.edu>
- Re: Ldap challenge
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: Ldap challenge
  - From: Clément OUDOT <clem.oudot@gmail.com>

Prev by Date: Re: OpenLDAP keeps on dying sporadically
Next by Date: Re: separate loglevels for different databases?
Index(es):
- Chronological
- Thread