On 1 March 2012 11:03, Liam Gretton <[email protected]> wrote:
> On 08/02/2012 09:58, [email protected] wrote:
>
>> Is it possible to implement the controlled proxy with OpenLDAP?
>> E.g., like Radiusproxy based on realm: when username is [email protected]
>> go to the target1, and when username is [email protected]
>> go to the target2.
>
> Yes, a combination of meta database config in slapd.conf and appropriate
> SASL config.
>
> In your schema, use the following in userPassword:
>
> userPassword: {SASL}xxx@DOMAIN
>
> where DOMAIN is whichever domain the user needs to be authenticated against.
>
> In slapd.conf:
>
> database meta
> suffix dc=local
> rootdn cn=administrator,dc=local
> rootpw secret
>
> # domain01
> uri ldaps://domain01.com:3269/ou=domain01.com,dc=local
> lastmod off
> suffixmassage "ou=domain01.com,dc=local" "dc=domain01,dc=com"
>
> idassert-bind bindmethod=simple
>   binddn="cn=binder,dc=domain01,dc=com"
>   credentials="password"
>   flags=non-prescriptive
>
> idassert-authzFrom "dn.exact:cn=administrator,dc=local"
>
> # domain02
> uri ldaps://domain02.com:3269/ou=domain02.com,dc=local
> lastmod off
> suffixmassage "ou=domain02.com,dc=local" "dc=domain02,dc=com"
>
> idassert-bind bindmethod=simple
>   binddn="cn=binder,dc=domain02,dc=com"
>   credentials="password"
>   flags=non-prescriptive
>
> idassert-authzFrom "dn.exact:cn=administrator,dc=local"
>
> In saslauthd.conf you need to create the appropriate search base for
> authentication based on the domain in the userPassword field:
>
> ldap_servers: ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi-meta
> ldap_search_base: ou=%d,dc=local
> ldap_filter: (sAMAccountName=%U)
> ldap_auth_method: bind
>
> ldap_bind_dn: cn=administrator,dc=local
> ldap_password: secret
>
> ldap_deref: never
> ldap_use_sasl: no
>
> Hopefully this is enough info to get you going.

I wrote complete documentation on how to manage this with back-meta or back-ldap:
http://ltb-project.org/wiki/documentation/general/sasl_delegation

Hope it helps,

Clément.
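
Added example, not part of the thread and not code from either poster: a Python trace of how a `{SASL}user@DOMAIN` value selects a back-meta target, useful for checking the mapping before deploying it. The `TARGETS` table is constructed from the `uri` and `suffixmassage` lines quoted above, the function names are hypothetical, and it assumes saslauthd expands `%U` to the user part and `%d` to the domain part of the login name. The domain check and filter escaping are hardening added in this sketch, not a statement of what saslauthd does.

```python
import re

# Constructed from the quoted slapd.conf: virtual naming context ->
# (target URI, real naming context), mirroring each uri + suffixmassage pair.
TARGETS = {
    "ou=domain01.com,dc=local": ("ldaps://domain01.com:3269", "dc=domain01,dc=com"),
    "ou=domain02.com,dc=local": ("ldaps://domain02.com:3269", "dc=domain02,dc=com"),
}
SEARCH_BASE = "ou=%d,dc=local"      # ldap_search_base from the quoted saslauthd.conf
FILTER = "(sAMAccountName=%U)"      # ldap_filter from the quoted saslauthd.conf


def escape_filter(value):
    """Escape RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def split_sasl_value(user_password):
    """Split '{SASL}user@DOMAIN' into (user, domain); reject anything else."""
    m = re.fullmatch(r"\{SASL\}([^@]+)@([A-Za-z0-9.-]+)", user_password)
    if not m:
        raise ValueError("not a {SASL}user@DOMAIN value")
    # DN comparison is case-insensitive here, so normalise the domain.
    return m.group(1), m.group(2).lower()


def route(user_password):
    """Return (target URI, real search base, filter) for the pass-through bind."""
    user, domain = split_sasl_value(user_password)
    virtual_base = SEARCH_BASE.replace("%d", domain)
    if virtual_base not in TARGETS:
        # Fail closed: a domain with no configured target is never searched.
        raise LookupError("no meta target for " + virtual_base)
    uri, real_base = TARGETS[virtual_base]
    return uri, real_base, FILTER.replace("%U", escape_filter(user))


if __name__ == "__main__":
    print(route("{SASL}jdoe@DOMAIN01.COM"))
```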
