Re: Bind using credentials from another directory server

[Howard Chu <hyc@symas.com>]

Emmanuel Dreyfus wrote:
> Howard Chu <hyc@symas.com> wrote:
> > > Some time ago, I wrote a custom LDAP backend for hijacking
> > > authentication. My goal was to redirect it to a RADIUS server, but you
> > > could modify my code to authenticate against anything else.
> > For the specific case of RADIUS, a full backend is not needed. If your users
> > already have LDAP entries, you can set their userpassword to use the {RADIUS}
> > scheme which will cause a RADIUS server to be used for Simple Bind 
> > authentication. That code is in the contrib/slapd-modules/passwd directory in
> > HEAD and will also be in 2.4.

> I guess it did not exist at the time I hacked ldap2radius. Or I did not
> find it at that time.

That may be.

In general, unless you actually need to perform all of the functions of a 
backend, you can usually get by with something much smaller - like an overlay 
that only intercepts Bind operations, or a password hash module in this case.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/