Just wanted to thank you for this link. It [remoteauth overlay] worked
like a charm.

On 2025-02-06 23:54, Quanah Gibson-Mount wrote:

--On Tuesday, February 4, 2025 8:41 PM +0300 "Alexey D. Filimonov" <[email protected]> wrote:

My goal is to [manually] maintain a database of users using OpenLDAP
directory, with some set of attributes and values.
All of those users have their second accounts in different external LDAP
directories (2 directories).
For those users, I want OpenLDAP server to passthrough simple_bind
authentication to one of those directories.
When I manually create a user in OpenLDAP directory, I want to specify a
`backend keys` in some attributes, that will tell OpenLDAP server how to
process user's simple_bind authentication.
For example, I can specify some sort of attributes like `backendRealm =
ActiveDirectory1` and `mail = [email protected]` to tell OpenLDAP to
lookup object DN on servers from group `ActiveDirectory1` with
`[email protected]` filter and try to simple_bind against one server
from group `ActiveDirectory1` using DN it found and password user
provided originally.
DNs of all users are not even partially equal between directories.
Suffixes are different too.
All OpenLDAP users and attributes are maintained manually, without
proxying (except authentication).
Please help me if I can do this somehow using OpenLDAP? Can I do this
without using SASLD?

Have you read up on slapo-remoteauth?
<https://www.openldap.org/software/man.cgi?query=slapo-remoteauth&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html>
--Quanah
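
A sketch of the kind of remoteauth overlay setup discussed in this thread, added here as an example and not taken from either poster's configuration. Directive names follow the slapo-remoteauth(5) man page linked above; the suffix, hostnames, file paths, domain names and the choice of `seeAlso`/`associatedDomain` as the carrier attributes are assumptions.

```conf
# slapd.conf fragment (constructed example; all names and paths are placeholders)
database        mdb
suffix          "dc=example,dc=com"
# ... directory, rootdn, indexes as usual ...

overlay         remoteauth

# Local attribute holding the user's DN in the remote directory. DNs and
# suffixes differ between directories, so each entry carries its remote DN.
remoteauth_dn_attribute      seeAlso

# Local attribute naming which remote directory handles this user's bind.
remoteauth_domain_attribute  associatedDomain

# One mapping per external directory:
#   <domain> <hostname | LDAP URI | file:///path/to/list_of_hostnames>
remoteauth_mapping  ad1.example.com  dc1.ad1.example.com
remoteauth_mapping  ad2.example.com  file:///etc/openldap/ad2-hosts.txt

# Domain used when an entry has no associatedDomain value.
remoteauth_default_domain    ad1.example.com

# Do not copy the remotely verified password into the local userPassword.
remoteauth_store             off

# The user's password is replayed to the remote server, so require TLS
# and verify the remote certificate against a pinned CA file.
remoteauth_tls  starttls=yes tls_cacert=/etc/openldap/certs/ad-ca.pem tls_reqcert=demand

# Matching local entry (constructed), shown as comments:
#   dn: uid=jdoe,ou=people,dc=example,dc=com
#   seeAlso: CN=John Doe,OU=Staff,DC=ad1,DC=example,DC=com
#   associatedDomain: ad1.example.com
# The entry has no userPassword: the overlay forwards the simple bind only
# when userPassword is absent, otherwise authentication is done locally.
```

Because the overlay falls back to local authentication whenever `userPassword` is present, ACLs on `userPassword`, `seeAlso` and `associatedDomain` decide who can redirect or bypass the remote bind for an account and should be restricted to administrators.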