
RE: Proxy to Active Directory



On Fri, 2008-08-29 at 15:14 +1000, Nazeeruddin Mohammad wrote:
> Sorry, I couldn't pass the message properly.
> We want to use openldap, as many services depend on it. However, we want to synchronize LDAP user accounts with those on AD. This means users need to remember only one password.
> 
> 
> I heard that there is a possibility of doing this through openldap's proxy feature.
> 
> Could anyone enlighten me how to accomplish this? Or, is there any other way of doing this?
> 
> Here is my slapd.conf snippet

Perhaps set the userPassword attribute to {SASL}user@AD.DOMAIN and
have SASL handle the forwarding of the simple binds into kerberos kinit
requests?

(I did this, to a bundled Heimdal many years ago, I don't know if it
works how you want however). 

Otherwise, perhaps look for a redirection via PAM to winbindd or
pam_krb5?

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
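
An added example, not part of the original message or of OpenLDAP: a small audit that reads an LDIF export and reports which entries carry the `{SASL}user@AD.DOMAIN` pass-through value suggested above and which still hold a local password. The DNs, the `{SSHA}` value and the second realm are constructed sample data; the realm `AD.DOMAIN` is taken from the reply.

```python
import base64
import re

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample export; "::" marks a base64-encoded LDIF value.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {SASL}alice@AD.DOMAIN", "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SASL}bob@AD.DOMAIN"), "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SSHA}constructed-not-a-real-hash"), "",
    "dn: uid=dave,ou=people,dc=example,dc=com",
    "userPassword: {SASL}dave@OTHER.REALM", ""])

def entries(ldif):
    """Yield each LDIF entry as {lowercased attribute: [values]}."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        if "dn" in entry:
            yield entry

def classify(value, realm):
    m = SCHEME.match(value)
    if not m:
        return "local:cleartext"
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme != "SASL":
        return "local:{%s}" % scheme  # password still stored in LDAP
    return "pass-through" if rest.endswith("@" + realm) else "sasl-other-realm"

def audit(ldif, realm):
    """Map each DN to the sorted set of userPassword classifications."""
    return {e["dn"][0]: sorted({classify(v, realm) for v in e.get("userpassword", [])})
            or ["no-password"] for e in entries(ldif)}

if __name__ == "__main__":
    for dn, status in audit(SAMPLE_LDIF, "AD.DOMAIN").items():
        print(dn, status)
```

Entries reported as `local:` still have a second password in the directory, so those users are not yet on a single AD credential.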
