> As I said, you'll need to adjust for your environment. You also will
> likely need to moduleload the remoteauth overlay.

Thanks, I appreciate you taking the time to assist. Trying to wrap my head
around all this. The olcRemoteAuthDNAttribute: seeAlso, is that an
attribute that's supposed to be present in my LDAP structure?
The documentation is not very clear on this. Let's say I need to
authenticate against an AD domain with the following settings over 389 or
636:
Domain server: dc01.domain.tld
What exactly do I need to put in the remoteauth.ldif file?
I have the following but it's not even trying to authenticate with the
remote server. It simply fails auth. I have added the user in openldap with
the UserPassword value empty:

dn: cn=module{2},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /opt/bitnami/openldap/lib/openldap
olcModuleLoad: remoteauth.so

dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldap://dc01.domain.tld:389
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ldap://dc01.domain.tld:389
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3

Thanks