
Re: OpenLDAP / Active directory cohabitation



2017-05-29 19:00 GMT+02:00 Dan White <dwhite@cafedemocracy.org>:
> On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote:
>>
>> I am in an environment where we use both OpenLDAP and Active Directory.
>> All Linux servers authenticate against OpenLDAP where we have user group,
>> unix group (...)
>
>
>> This means that if I perform a BIND and a search, the BIND should be
>> performed against the AD but the search result should come from OpenLDAP.
>> (anonymous search is fine)
>
>
>> The short usernames are used in OpenLDAP like this:
>>
>>         uid=john01,ou=People,dc=example,dc=com
>>
>> While the AD uses the long username. From my test when binding to AD, only
>> the "DN" is simply set to the username.
>>
>>         john.smith@example.com
>
>
> Pass-through authentication should work if you're performing simple binds.
> Chapter 14 of the admin guide has a good example.

You can also find a tutorial here:
https://ltb-project.org/documentation/general/sasl_delegation

Clément.
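
Added example, not part of the thread and not code from the OpenLDAP or LTB projects: with pass-through authentication, each OpenLDAP entry keeps its short-uid DN and carries a `userPassword` value of the form `{SASL}user@realm`, so a simple bind to that DN is checked against the external account while searches are still answered by OpenLDAP. The Python below generates the LDIF that sets this value for a uid-to-AD-name mapping; the mapping table, the strict uid pattern and the function names are assumptions made for illustration.

```python
import base64
import re

# Assumption: People branch as written in the thread.
PEOPLE_BASE = "ou=People,dc=example,dc=com"
# Assumption: uids are plain lowercase names, so no DN escaping is needed.
UID_RE = re.compile(r"[a-z_][a-z0-9_-]*")
UPN_RE = re.compile(r"[^@\s]+@[^@\s]+")


def ldif_attr(name, value):
    """Return one LDIF line, base64-encoding values that are not LDIF-safe."""
    raw = value.encode("utf-8")
    safe = (
        raw
        and raw[0] not in b" :<"          # forbidden first characters
        and not raw.endswith(b" ")
        and all(0 < b < 128 and b not in (10, 13) for b in raw)
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"


def passthrough_ldif(mapping):
    """Build LDIF replacing userPassword with a {SASL} reference per user."""
    records = []
    for uid, upn in sorted(mapping.items()):
        if not UID_RE.fullmatch(uid):
            raise ValueError(f"unexpected uid: {uid!r}")
        if not UPN_RE.fullmatch(upn):
            raise ValueError(f"not a user@realm name: {upn!r}")
        records.append("\n".join([
            ldif_attr("dn", f"uid={uid},{PEOPLE_BASE}"),
            "changetype: modify",
            "replace: userPassword",
            ldif_attr("userPassword", "{SASL}" + upn),
            "-",
        ]))
    return "\n\n".join(records) + "\n"


# Constructed sample mapping: OpenLDAP short uid -> AD login name.
SAMPLE = {"john01": "john.smith@example.com"}

if __name__ == "__main__":
    print(passthrough_ldif(SAMPLE), end="")
```

The output can be reviewed and then applied with `ldapmodify`; any local password hash previously stored in `userPassword` is replaced, so the directory no longer holds a second credential for those users.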