On 05/30/17 08:10 +0200, Ulrich Windl wrote:
> Clément OUDOT <clem.oudot@gmail.com> wrote on 29.05.2017 at 20:43 in message <CAK_oV4-DYo6d=LgWnu7foGkYQ4n9mjHiDbmo1t9uGyJT5e8EFQ@mail.gmail.com>:
>> 2017-05-29 19:00 GMT+02:00 Dan White <dwhite@cafedemocracy.org>:
>>> On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote:
>>>> I am in an environment where we use both OpenLDAP and Active Directory. All Linux servers authenticate against OpenLDAP where we have user group, unix group (...)
>>>
>>> Pass-through authentication should work if you're performing simple binds. Chapter 14 of the admin guide has a good example.
>>
>> You can also find a tutorial here: https://ltb-project.org/documentation/general/sasl_delegation
>
> I have one question: Why is the AD admin account needed to authenticate? I see a problem with the AD admin password being stored in cleartext in the saslauthd configuration...

Here's a simpler approach that does not require storing a password:
https://www.openldap.org/lists/openldap-technical/201106/msg00198.html

This was tested against AD 2003. You may need to use ldaps with newer versions.

--
Dan White
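An added example, not part of the thread or of any poster's code: a small audit of a saslauthd.conf body for the two risks raised above, a bind password stored in cleartext and simple binds sent over plain ldap://. It assumes the password-free approach is saslauthd's `ldap_auth_method: fastbind` with a userPrincipalName-style `ldap_filter`, which the thread itself does not spell out. Host names, DNs and the password are constructed placeholders.

```python
# Constructed sample configs (not from the thread); example.com names are placeholders.
SEARCH_BIND_CONF = """\
ldap_servers: ldap://ad.example.com
ldap_search_base: dc=example,dc=com
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: cn=svc-sasl,cn=Users,dc=example,dc=com
ldap_bind_pw: Constructed-Pa55word
"""

# Assumed password-free variant: fastbind binds directly as the user.
FASTBIND_CONF = """\
# no service account needed
ldap_servers: ldaps://ad.example.com
ldap_auth_method: fastbind
ldap_filter: %u@example.com
"""


def parse_conf(text):
    """Parse saslauthd.conf 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf


def audit(text):
    """Return findings for stored bind secrets and unencrypted LDAP transport."""
    conf = parse_conf(text)
    findings = []
    for key in ("ldap_bind_pw", "ldap_password"):
        if conf.get(key):
            findings.append(f"{key}: bind password stored in cleartext")
    start_tls = conf.get("ldap_start_tls", "no").lower() == "yes"
    for uri in conf.get("ldap_servers", "").split():
        if uri.lower().startswith("ldap://") and not start_tls:
            findings.append(f"{uri}: simple binds sent without TLS")
    return findings


if __name__ == "__main__":
    for name, body in (("search+bind", SEARCH_BIND_CONF), ("fastbind", FASTBIND_CONF)):
        print(name, audit(body) or "no findings")
```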