Yes, thanks, remoteauth worked. This is my second message on the same
theme, sorry; moderation took long and I thought my message got lost.
On 2025-02-17 13:58, Ondřej Kuzník wrote:
On Sun, Feb 02, 2025 at 08:59:49AM -0000, [email protected] wrote:
And for mail system, I need to grab some of those users to single
OpenLDAP database (dc=internal), add some mail system-specific
attributes (that don't exist in source ADs) and add passthrough
authentication for them to the AD server where they belong. Like this:
cn=jane.smith,ou=horns-and-hooves,dc=internal
mailQuota: 10
imapHost: imap1
mail: [email protected]
sourceOrg: horns-and-hooves
cn=john.snow,ou=bells-and-whistles,dc=internal
mailQuota: 20
imapHost: imap2
mail: [email protected]
sourceOrg: bells-and-whistles
I expect an algorithm like this:
First, I manually create users in OpenLDAP directory without passwords
with correct attributes.
How the server determines if a user is a horns-and-hooves user or a
bells-and-whistles user - based on some attribute value (sourceOrg)
or based on DN value (ou=horns-and-hooves,dc=internal vs
ou=bells-and-whistles,dc=internal) - IDK if any of this is possible.
Does this algorithm's implementation require SASLd, or can it be done
with OpenLDAP only?
Could you please help me getting this configuration done?
You might want to explore if the remoteauth overlay (maybe in
combination with others?) could help you here. Unfortunately nothing
specific comes to mind but others here might have dealt with something
similar?
Regards,
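
For readers of this thread: a slapd.conf sketch of how the remoteauth overlay can express the per-organization passthrough described above. This is an added example, not the poster's working configuration. The AD hostnames, the CA file path and the use of seeAlso to hold the remote DN are assumptions, and sourceOrg is assumed to be defined in the local schema.

```conf
# Added example (slapo-remoteauth); place inside the database section
# that serves dc=internal. Hostnames and paths below are placeholders.
moduleload  remoteauth        # only if the overlay is built as a module

overlay     remoteauth

# Local attribute whose value selects the remote "domain".
# The thread's entries carry it as sourceOrg.
remoteauth_domain_attribute  sourceOrg

# Local attribute holding the DN the user has in the remote AD;
# the overlay binds to the mapped server as this DN with the
# password the client supplied. seeAlso is an assumption here.
remoteauth_dn_attribute      seeAlso

# One mapping per sourceOrg value -> AD server for that organization.
remoteauth_mapping  horns-and-hooves    ldap://ad1.horns-and-hooves.example
remoteauth_mapping  bells-and-whistles  ldap://ad1.bells-and-whistles.example

# Do not write the AD password into the local entry after a
# successful remote bind.
remoteauth_store    off

# Protect the forwarded password in transit and verify the
# AD server certificate against a known CA.
remoteauth_tls      starttls=yes tls_cacert=/etc/openldap/ad-ca.pem tls_reqcert=demand

# Matching local entry (created without userPassword, as in the thread):
#   dn: cn=jane.smith,ou=horns-and-hooves,dc=internal
#   sourceOrg: horns-and-hooves
#   seeAlso: <jane.smith's DN in the horns-and-hooves AD>
```

The selection here is driven by the attribute value (sourceOrg), not by the entry's DN. A bind test with ldapwhoami as each user against dc=internal, while watching the AD server's logon events, confirms which backend handled the authentication.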