[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap proxy to kerberos

To: openldap-technical@openldap.org
Subject: Re: openldap proxy to kerberos
From: Dieter Klünter <dieter@dkluenter.de>
Date: Wed, 9 Jan 2019 11:08:29 +0100
In-reply-to: <CAOHBbgWw0bMe1mbeqvZ8dSFBBkk=+3rPDn=k_6j=UbgKzdk30w@mail.gmail.com>
Organization: AVCI
References: <CAOHBbgUXsYhqXxWZuQ4=zJKgDeAR4tgBgYax=Po1BcNSbDteFg@mail.gmail.com> <20190108092610.1bc0f8a3@pink.fritz.box> <CAOHBbgWw0bMe1mbeqvZ8dSFBBkk=+3rPDn=k_6j=UbgKzdk30w@mail.gmail.com>

Am Tue, 8 Jan 2019 15:15:39 -0500
schrieb vadud3@gmail.com:

> On Tue, Jan 8, 2019 at 3:27 AM Dieter Klünter <dieter@dkluenter.de>
> wrote:
> 
> > Am Mon, 7 Jan 2019 16:18:36 -0500
> > schrieb vadud3@gmail.com:
> >  
> > > I am using openldap proxy today with ldap backend.
> > >
> > > Any suggestions on how to use kerberos as the backend?
> > >  
> > [...]
> >
> > Put it the other way round, use slapd as database backend to
> > kerberos.
> > https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_ldap.html
> >
> >  
> 
> OK, may be then what I am really looking for is a kerberos proxy.
> 
> All my servers today sending ldap auth request to this ldap proxy and
> we want to switch to kerberos auth instead.
[...]

You may try to configure a passthrough authentication, using saslauthd.
There are some configuration examples online. Note that this requires
slapd to be compiled with '--enable-spasswd'

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

References:
- openldap proxy to kerberos
  - From: vadud3@gmail.com
- Re: openldap proxy to kerberos
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: openldap proxy to kerberos
  - From: vadud3@gmail.com

Prev by Date: Re: openldap proxy to kerberos
Next by Date: Re: Add supportedExtensions to LDAP proxy
Index(es):
- Chronological
- Thread