David Cunningham wrote:
> Hello,
>
> I would like to configure slapd.conf to proxy requests to an AD server.
>
> 1.) I want SLAPD to always connect to this AD server as a specific user
> 2.) I want SLAPD to run all queries including searches against this AD server
> using the defined user.
> 3.) I want clients connecting to SLAPD to query AD to be authenticated by
> revocable client certificate only. If the connecting client has a valid
> certificate that matches a CA, then its LDAP query is allowed and proxied to
> Active Directory.
> 4.) The client should also be able to rebind as user after doing a user DN
> search (to verify username/password).
>
>
> Does that make sense?

Sure. Read the slapd-ldap(5) manpage for 1 and 2. Read slapd.conf(5) for 3. 4
doesn't make sense after already authenticating via 3 but sure, you can do it.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
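
A slapd.conf sketch covering the four numbered requirements, added here as an illustration; it is not from either poster or from the OpenLDAP project. All hostnames, DNs, file paths and the password are constructed placeholders, and the directives are the ones documented in slapd.conf(5) and slapd-ldap(5).

```conf
# Added example; every name, path and credential below is a placeholder.

# --- Requirement 3: only clients holding a valid, unrevoked certificate ---
TLSCACertificatePath   /etc/openldap/cacerts
TLSCertificateFile     /etc/openldap/certs/proxy.example.com.crt
TLSCertificateKeyFile  /etc/openldap/certs/proxy.example.com.key
# Request a client certificate; end the session if none or an invalid one
# is presented.
TLSVerifyClient        demand
# Check the peer certificate against the CA's CRL. OpenSSL builds only;
# requires TLSCACertificatePath to be set.
TLSCRLCheck            peer
# TLSVerifyClient only takes effect once TLS is negotiated, so refuse
# operations on sessions that are not protected by TLS.
security               tls=128

# --- Requirements 1 and 2: proxy everything to AD as one fixed user ---
database        ldap
suffix          "dc=example,dc=com"
uri             "ldaps://ad.example.com"
# mode=none: the proxy binds as binddn and sends no proxyAuthz control.
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=none
# Local identities allowed to use the asserted identity. A client that only
# presents a certificate and never binds is anonymous to slapd, so the
# pattern is chosen to match the empty DN as well.
idassert-authzFrom "dn.regex:.*"

# --- Requirement 4: no extra directive ---
# A simple bind with a user DN under the suffix is forwarded to AD, which
# verifies the password.
```

Check the file with `slaptest -u -f <file>` before loading it.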
