On Thu, 2017-01-19 at 20:59 +0000, Romain Esnault wrote:
Hello,
We have an Active Directory with Windows accounts and we need to have these accounts in
another 389 DS to expose to applications. We will have these accounts in both LDAP servers: 389
DS in front and Active Directory in back.
We want the password verification to be done with the one stored in the Active
Directory even if applications bind to the 389 DS.
With OpenLDAP, it's possible to use Pass-Through authentication configured to
delegate the password verification on specific LDAP accounts.
-->
http://www.openldap.org/doc/admin24/security.html#Pass-Through authentication
But the 389 DS documentation seems to indicate that Pass-Through authentication is
possible only if accounts do not exist ...
Is it possible with 389 DS to implement Pass-Through authentication only to delegate
the password, like OpenLDAP can do?
Thanks for your help

You could use pam pass through
http://directory.fedoraproject.org/docs/389ds/howto/howto-pam-pass-throug...
The way I read the PTA docs, it's a bit ambiguous. It could go either
way. I think it would be worth testing / reading the code to be sure.
Hope that helps (sorry for the late response)
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane