
Question regarding using OpenLDAP as a proxy to multiple AD servers



Hi,

I'm new to OpenLDAP. I've been reading documentation for some time but
cannot figure out whether there is a solution.

We have many products in our company that are using sAMAccountName
(from Active Directory server) as login credentials for authentication
purposes. Now we have an additional requirement to support
authentication of users from another Active Directory server. Since
many products do not allow specifying more than one LDAP server, the
idea is to configure an OpenLDAP proxy that will then forward requests to
either AD server. Nevertheless, the format of login credentials has to
stay the same.
So the final goal is to be able to authenticate users of both AD
directories via binding against OpenLDAP proxy using sAMAccountName
(can add some other data in DN but it has to be static).

1. Can OpenLDAP be configured to accept sAMAccountName and domain as
bind DN and then forward it to either AD server depending on domain
name?
2. If not, can OpenLDAP be configured to perform a search (including
filtering by sAMAccountName field) behind the scenes and then bind by
using the DN of a found user? -> all this happens when a user tries to bind
against the OpenLDAP proxy
3. Any other solutions?


BR,
Martins