
Re: Antw: Re: OpenLDAP / Active directory cohabitation



On 05/30/17 08:10 +0200, Ulrich Windl wrote:
Clément OUDOT <clem.oudot@gmail.com> wrote on 29.05.2017 at 20:43 in message
<CAK_oV4-DYo6d=LgWnu7foGkYQ4n9mjHiDbmo1t9uGyJT5e8EFQ@mail.gmail.com>:
2017-05-29 19:00 GMT+02:00 Dan White <dwhite@cafedemocracy.org>:
On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote:

I am in a environment where we use both OpenLDAP and Active Directory.
All Linux servers authenticate against OpenLDAP where we have user group,
unix group (...)

Pass-through authentication should work if you're performing simple binds.
Chapter 14 of the admin guide has a good example.

You can also find a tutorial here:
https://ltb-project.org/documentation/general/sasl_delegation

I have one question: Why is the AD admin account needed to authenticate? I see
a problem with the AD admin password being stored in cleartext in the saslauthd
configuration...

Here's a simpler approach that does not require storing a password:
https://www.openldap.org/lists/openldap-technical/201106/msg00198.html

This was tested against AD 2003. You may need to use ldaps with newer
versions.

--
Dan White
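As an added illustration of the two saslauthd setups this thread contrasts (not code from any message above, nor from the OpenLDAP or LTB projects): the search-then-bind configuration that needs a privileged AD account whose password sits in cleartext in saslauthd.conf, beside a variant that stores no password at all, plus a small check that flags the first one. The password-free variant assumes, since the linked 2011 message is not reproduced on this page, that the "simpler approach" is saslauthd's fastbind method with the AD userPrincipalName (user@example.com) used directly as the bind identity; the option names ldap_auth_method, ldap_filter, ldap_bind_pw, ldap_start_tls and ldap_tls_cacert_file are saslauthd's LDAP backend options as I know them, and every host, DN, CA path and password is a constructed placeholder.

```shell
#!/bin/sh
# Added example for this thread; not code from the original messages or from
# the OpenLDAP / LTB projects.
# Assumptions (not stated on the page): saslauthd's LDAP backend reads the
# options ldap_servers, ldap_auth_method (bind|fastbind), ldap_bind_dn,
# ldap_bind_pw, ldap_filter, ldap_start_tls and ldap_tls_cacert_file; AD accepts
# the userPrincipalName form user@example.com as the identity of a simple bind;
# slapd delegates a user's simple bind via userPassword: {SASL}user@realm.
# All hosts, DNs, paths and the password below are constructed placeholders.

WORK=$(mktemp -d)

# Variant 1 (the setup the question is about): saslauthd first searches AD for
# the user's DN with a privileged service account, then re-binds as the user.
# The service-account password has to sit in cleartext in this file because AD
# refuses the anonymous search saslauthd would otherwise perform.
cat > "$WORK/saslauthd.conf.search" <<'EOF'
ldap_servers: ldap://dc1.example.com
ldap_auth_method: bind
ldap_search_base: dc=example,dc=com
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: cn=Administrator,cn=Users,dc=example,dc=com
ldap_bind_pw: S3cret-admin-password
EOF

# Variant 2 (no stored password): skip the search and bind straight away as
# the user, with the UPN as bind identity.  ASSUMPTION: this is saslauthd's
# "fastbind" method, where ldap_filter is used as the bind DN template.
# ldaps is mandatory here because the user's own password crosses the wire in
# the simple bind; the CA file lets saslauthd verify the DC's certificate.
cat > "$WORK/saslauthd.conf.fastbind" <<'EOF'
ldap_servers: ldaps://dc1.example.com
ldap_auth_method: fastbind
ldap_filter: %u@example.com
ldap_tls_cacert_file: /etc/ssl/certs/example-root-ca.pem
EOF

# The OpenLDAP side of pass-through authentication: a user whose simple bind
# slapd hands to saslauthd instead of checking a local hash.
cat > "$WORK/alice.ldif" <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {SASL}alice@example.com
EOF

# audit_saslauthd_conf FILE: prints one line per finding and returns 1 if the
# file stores a service-account password or lets passwords travel in clear.
audit_saslauthd_conf() {
    _f="$1"; _rc=0
    if grep -Eq '^[[:space:]]*ldap_bind_pw[[:space:]]*:' "$_f"; then
        echo "$_f: ldap_bind_pw present (service-account password in cleartext)"
        _rc=1
    fi
    # "ldap://" does not match "ldaps://", so only plain LDAP is caught here.
    if grep -Eq '^[[:space:]]*ldap_servers[[:space:]]*:.*ldap://' "$_f" &&
       ! grep -Eiq '^[[:space:]]*ldap_start_tls[[:space:]]*:[[:space:]]*yes' "$_f"; then
        echo "$_f: plain ldap:// without ldap_start_tls (user passwords sent in clear)"
        _rc=1
    fi
    return $_rc
}

for f in "$WORK/saslauthd.conf.search" "$WORK/saslauthd.conf.fastbind"; do
    if audit_saslauthd_conf "$f"; then
        echo "$f: no findings"
    fi
done
```

With saslauthd running against the second file, `testsaslauthd -u alice -p <password>` exercises the delegation to AD on its own before slapd is involved, which is the quickest way to tell a saslauthd problem from a {SASL} userPassword problem.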