Michael Ströder wrote:
Don Hoover wrote:
I also just configured saslauthd to have a ldap_servers, and
ldap_search_base only, since SASL is using username and password provided
through openldap to do the binds.
I guess in some ways I am doing a unique thing in that I am actually
proxying another real ldap server, and not doing active directory which so
many seem to be doing these days.
You could also use back-ldap together with slapo-rwm rewriting the bind
requests. This would avoid having to set userPassword value and running
saslauthd.
Except that back-ldap will forward all requests to the remote server, not just
Bind requests.
I've just added in CVS HEAD a simple extension to back-ldap to allow it to be
used as an overlay that only forwards Bind requests. Have a look at that...
http://www.openldap.org/lists/openldap-commit/201002/msg00003.html
http://www.openldap.org/lists/openldap-commit/201002/msg00004.html
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
