Re: openldap proxy to kerberos

On Mon, Jan 7, 2019 at 5:53 PM Dan White <dwhite@cafedemocracy.org> wrote:
> On 01/07/19 16:18 -0500, vadud3@gmail.com wrote:
> >I am using openldap proxy today with ldap backend.
> >
> >Any suggestions on how to use kerberos as the backend?
> >
> >Here is my config (sanitized)
> >
> >$ cat slapd.conf
> >
> >### Database definition (Proxy to AD) #########################################
> >database                ldap
> >readonly                yes
> >protocol-version        3
> >rebind-as-user          yes
> >uri                     "ldaps://ldap.example.com:1636"
> >suffix                  "ou=People,dc=example,dc=net"
>
> I'm not clear on where kerberos authentication fits in this scenario, but
> the two pieces of documentation to start with would be the slapo-ldap
> manpage, and the OpenLDAP Software 2.4 Administrator's Guide, section 14.5,
> and chapter 15.
>
> If that doesn't address your question, please provide more detail, including
> how your clients authenticate with the proxy server.

I do not see any slapo-ldap in my search for the man page on the openldap site.

So on my client I'd like to point to a kerberos proxy for authentication.

Today I am using the ldap proxy with -H ldaps://127.0.0.1 and it works fine, like below:

   ldapsearch -LLL -x -y ~/.ldap-pass -H ldaps://127.0.0.1 uid=foo

And under sssd, ldap auth works fine, like below:

  auth_provider = ldap
  ldap_uri = ldaps://127.0.0.1


I want to start using a kerberos setting like below and start using kerberos for authentication:

  auth_provider = krb5
  krb5_server = 127.0.0.1:88

But I do not have anything running on port 88.

Maybe I am not understanding how to implement a kerberos proxy.

Appreciate any help. 


--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?