I would start here:
http://www.openldap.org/software/man.cgi?query=slapd-ldap&apropos=0&sektion=5&manpath=OpenLDAP+2.X-Devel&format=html
and here:
http://www.openldap.org/software/man.cgi?query=slapo-rwm&sektion=5&manpath=OpenLDAP+2.X-Devel&format=html
and see where that leads.

HTH,
Stephan

On Tue, Oct 14, 2014 at 1:46 PM, Jeff Lebo <[email protected]> wrote:
> Goal: LDAP server in Internet facing DMZ to provide authentication for
> externally hosted applications using internal AD credentials.
>
> I've done a LOT of reading and testing, and there is one thing I am still
> not 100% clear on:
>
> Is it possible to do this WITHOUT having a local user database on the
> OpenLDAP proxy? We will have thousands of users that will need to
> authenticate, and I can't maintain another user database (adds, removes,
> etc..). Is there a way to make OpenLDAP just act more like a reverse proxy
> and forward anything that matches a specific domain on to the internal
> LDAP/AD server for password verification?
>

--
Stephan Fabel
College of Education, University of Hawaii at Manoa
Cell (260) 232-2357
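
Added example, not part of the original thread: a `slapd.conf` fragment showing how the two man pages above combine into a pass-through proxy with no local user database. Hostnames, suffixes and file paths are placeholder assumptions; the directives are those documented in slapd-ldap(5), slapo-rwm(5) and slapd.conf(5).

```conf
# Constructed example: all names and paths below are placeholders.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

# Needed only when the backend and overlay are built as modules.
moduleload      back_ldap
moduleload      rwm

# back-ldap stores no entries; binds and searches under this suffix are
# forwarded to the internal AD server, which verifies the password.
database        ldap
suffix          "dc=corp,dc=example,dc=com"
uri             "ldaps://ad1.corp.example.com/"

# Validate the AD server certificate on the proxy-to-AD connection.
tls             ldaps tls_cacert=/etc/openldap/certs/ad-ca.pem tls_reqcert=demand

# Do not follow referrals returned by AD from inside the DMZ.
chase-referrals no

# The DMZ proxy is for authentication and lookup only; refuse writes.
readonly        on

# slapo-rwm: present sAMAccountName as uid, and drop every attribute
# that is not explicitly mapped so the DMZ host exposes only these.
overlay         rwm
rwm-map         attribute   uid     sAMAccountName
rwm-map         attribute   cn      cn
rwm-map         attribute   mail    mail
rwm-map         attribute   *
```

With this layout an application binds with the user's AD DN and password; the proxy relays the bind and returns AD's result, so account adds and removes happen only in AD.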
