On Mon, 25 Feb 2019 13:34:45 -0800, N6Ghost <n6gh...@gmail.com> wrote:

> hi all,
>
> I am trying to set up an OpenLDAP proxy to AD and I need to use SUSE
> Enterprise Linux 12.
>
> Hostname:/etc/openldap # rpm -qa|grep -i openldap
> openldap2-2.4.41-18.43.1.x86_64
> openldap2-client-2.4.41-18.43.1.x86_64
>
> What I am trying to do is proxy an application (with 1000s of users)
> from talking directly to AD, to talking to OpenLDAP, and then have
> OpenLDAP talk to AD.
> Looking across the net there is a bunch of stuff, but most of it does not
> seem to apply, or work. Looking at the official doc, it says use SASL, but
> you must have a local entry with a {SASL} tag on the user; that's not
> really ideal and would make a huge problem. A few of the posts online
> just said pointing to AD via ldap is possible? And this application also
> has a group lookup as part of its auth process... e.g., only members of
> groupX can access....
>
> Any help in this would be huge.
>
> It seems I am mixing up a few different ways of doing this. What's the
> best way to do this?

I presume you are running slapd with the slapd-ldap(5) backend. AD requires non-standard attribute types, which OpenLDAP does not provide; include the AD schema files in slapd. RFC 4513 requires SASL for strong binds; if your AD is set up as a KDC, you may include the OpenLDAP services as Kerberos host and service principals.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
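A minimal slapd.conf fragment for the slapd-ldap(5) proxy arrangement described in the reply above, added here as an illustration rather than taken from the thread or from the OpenLDAP project; the AD base DN, domain controller name, AD schema file path and the Kerberos credential setup are assumed placeholders.

```conf
# Standard schema, then the AD schema file (assumed path). Without the AD
# attribute types and object classes, slapd rejects the entries AD returns.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/ad-placeholder.schema

# Proxy database: the application binds to slapd, slapd forwards to AD.
# Assumed base DN and domain controller. LDAPS keeps credentials off the wire;
# the CA that signed the DC certificate is trusted via TLS_CACERT in ldap.conf.
database        ldap
suffix          "dc=example,dc=com"
uri             "ldaps://dc1.example.com/"

# Forward each application user's own simple bind to AD, so no local user
# entries (and no {SASL} password tags) are needed on the proxy.
rebind-as-user  yes

# AD answers with referrals for other naming contexts; do not follow them.
chase-referrals no

# Identity the proxy uses when it must search AD itself (for example the
# group-membership lookup before the user is bound): GSSAPI against the AD
# KDC, so no bind password is stored in this file. The keytab or credential
# cache for the proxy's service principal is assumed to be provided through
# the slapd environment.
idassert-bind   bindmethod=sasl saslmech=GSSAPI mode=none
idassert-authzFrom "dn.subtree:dc=example,dc=com"
```

The application's group check then reads the AD group attributes through the proxy, which is exactly why the AD schema include at the top is required.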