
Re: Question regarding using OpenLDAP as a proxy to multiple AD servers



Hi,

You can accomplish what you desire with the OpenLDAP meta backend and saslauthd.

Full instructions on this page.

https://ltb-project.org/documentation/general/sasl_delegation


-mike

On Fri, Nov 10, 2017 at 2:22 PM, Mārtiņš Mieriņš
<martins.mierins@gmail.com> wrote:
> Hi,
>
> I'm new to OpenLDAP, I've been reading documentation for some time but
> cannot figure out whether there is a solution.
>
> We have many products in our company that are using sAMAccountName
> (from Active Directory server) as login credentials for authentication
> purposes. Now we have an additional requirement to support
> authentication of users from another Active Directory server. Since
> many products do not allow specifying more than one LDAP server, the
> idea is to configure an OpenLDAP proxy that will then forward requests to
> either AD server. Nevertheless the format of login credentials has to
> stay the same.
> So the final goal is to be able to authenticate users of both AD
> directories via binding against OpenLDAP proxy using sAMAccountName
> (can add some other data in DN but it has to be static).
>
> 1. Can OpenLDAP be configured to accept sAMAccountName and domain as
> bind DN and then forward it to either AD server depending on domain
> name?
> 2. If not, can OpenLDAP be configured to perform a search (including
> filtering by the sAMAccountName field) behind the scenes and then bind
> using the DN of the found user? -> All this happens when the user tries
> to bind against the OpenLDAP proxy.
> 3. Any other solutions?
>
>
> BR,
> Martins
>
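As an added illustration of the meta-backend half of the answer (example configuration written here, not taken from the post or from the LTB page), this slapd.conf fragment routes binds and searches to one of two AD forests by the virtual OU a DN sits under; hostnames, DNs and the service-account names are assumed placeholders. The bind DN must still be the user's real AD DN beneath that OU, because AD simple bind does not accept a sAMAccountName-style RDN; turning a bare sAMAccountName plus domain into a verified login is where the saslauthd part of the answer comes in.

```conf
# Added example, not from the post or the LTB page. Hostnames, DNs and
# the service-account names below are assumed placeholders.
database        meta
suffix          "dc=proxy,dc=example"
rootdn          "cn=manager,dc=proxy,dc=example"

# AD hands out referrals to other DCs and forests; do not chase them
# from the proxy, it only causes timeouts and partial results.
chase-referrals no
network-timeout 5

# --- Forest A: corp-a.local, exposed as ou=corp-a,dc=proxy,dc=example
# A bind as cn=Jane Doe,cn=Users,ou=corp-a,dc=proxy,dc=example is
# massaged to cn=Jane Doe,cn=Users,dc=corp-a,dc=local and forwarded
# to dc1.corp-a.local; nothing under ou=corp-b ever reaches this host.
# ldaps:// needs the AD CA in the proxy's trust store (TLS_CACERT in
# ldap.conf) or the verification silently degrades to a failed bind.
uri             "ldaps://dc1.corp-a.local/ou=corp-a,dc=proxy,dc=example"
suffixmassage   "ou=corp-a,dc=proxy,dc=example" "dc=corp-a,dc=local"
# Read-only service account used for searches by clients that are not
# bound as an AD user. mode=none: no proxy authorization towards AD,
# the proxy simply binds as this account. Once idassert-authzFrom
# matches, searches run as this account rather than as the user, so
# narrow the regex if per-user AD ACLs matter.
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=corp-a,dc=local"
                credentials="<service-account-password>"
                mode=none
                flags=non-prescriptive
idassert-authzFrom "dn.regex:.*"

# --- Forest B: corp-b.local, exposed as ou=corp-b,dc=proxy,dc=example
uri             "ldaps://dc1.corp-b.local/ou=corp-b,dc=proxy,dc=example"
suffixmassage   "ou=corp-b,dc=proxy,dc=example" "dc=corp-b,dc=local"
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=corp-b,dc=local"
                credentials="<service-account-password>"
                mode=none
                flags=non-prescriptive
idassert-authzFrom "dn.regex:.*"
```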