On Sun, Feb 02, 2025 at 08:59:49AM -0000, [email protected] wrote:
> And for mail system, I need to grab some of those users to single
> OpenLDAP database (dc=internal), add some mail system-specific
> attributes (that don't exist in source ADs) and add passthrough
> authentication for them to the AD server where they belong. Like this: 
> 
> cn=jane.smith,ou=horns-and-hooves,dc=internal
> mailQuota: 10
> imapHost: imap1
> mail: [email protected]
> sourceOrg: horns-and-hooves
> 
> cn=john.snow,ou=bells-and-whistles,dc=internal
> mailQuota: 20
> imapHost: imap2
> mail: [email protected]
> sourceOrg: bells-and-whistles
> 
> I expect algorithm like this: 
> First, I manually create users in OpenLDAP directory without passwords
> with correct attributes.
> 
> How server determines if user is a horns-and-hooves user or
> bells-and-whistles user - based on some attribute value (sourceOrg)
> or based on DN value (ou=horns-and-hooves,dc=internal vs
> ou=bells-and-whistles,dc=internal) - IDK if any of this is possible.
> 
> Does this algorithm implementation require SASLd, or can it be done
> with OpenLDAP-only?
> 
> Could you please help me getting this configuration done?

You might want to explore if the remoteauth overlay (maybe in
combination with others?) could help you here. Unfortunately nothing
specific comes to mind but others here might have dealt with something
similar?

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
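
One way the remoteauth overlay suggested above could be configured for the layout in the question, as an added example that is not part of the original thread. The AD hostnames, the CA file path, and the use of seeAlso to hold each user's AD DN are assumptions; the directives are those documented in slapo-remoteauth(5).

```conf
# slapd.conf fragment (OpenLDAP 2.5 or later, where remoteauth is a core overlay).
moduleload remoteauth

database mdb
suffix "dc=internal"
# ... directory, rootdn, indexes and ACLs for dc=internal go here ...

overlay remoteauth

# Attribute in the local entry that holds the DN to bind as on the remote
# AD server. Assumption: seeAlso is added to each user entry, e.g.
#   dn: cn=jane.smith,ou=horns-and-hooves,dc=internal
#   sourceOrg: horns-and-hooves
#   seeAlso: <jane.smith's DN in the horns-and-hooves AD>
remoteauth_dn_attribute seeAlso

# Attribute whose value selects the remote server for this user.
remoteauth_domain_attribute sourceOrg

# One mapping per source organisation (hostnames are placeholders).
remoteauth_mapping horns-and-hooves   ad.horns-and-hooves.example
remoteauth_mapping bells-and-whistles ad.bells-and-whistles.example

# Do not write the AD password into the local entry after a successful
# remote bind; every bind keeps going to the owning AD.
remoteauth_store off

remoteauth_retry_count 3

# The user's password is forwarded in a simple bind, so require a
# verified TLS session to the AD servers (CA path is a placeholder).
remoteauth_tls starttls=yes tls_cacert=/etc/ssl/certs/ad-ca.pem tls_reqcert=demand
```

With this layout the routing decision is made from the sourceOrg attribute rather than from the entry's DN, and the local entries carry no userPassword of their own.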
