Hi,
I'm trying to set up a ldap proxy in front of an Active Directory and configure sssd on the end point using AD schema, but so far I'm not very succesfull and now I wonder if it is feasible at all.
My first attempt is trying to use sssd directly to AD with these settings:
ldap_schema=ad id_provider = ldap auth_provider = ldap
to no avail. I can join the AD domain and then it works. So is this possible at all?
Regards,
Geerten Schram
On Wed, Apr 30, 2014 at 09:11:20AM +0200, Geerten Schram wrote:
Hi,
I'm trying to set up a ldap proxy in front of an Active Directory and configure sssd on the end point using AD schema, but so far I'm not very succesfull and now I wonder if it is feasible at all.
My first attempt is trying to use sssd directly to AD with these settings:
ldap_schema=ad id_provider = ldap auth_provider = ldap
to no avail. I can join the AD domain and then it works. So is this possible at all?
Regards,
Geerten Schram
In general, I think this should be possible, because the AD provider is a 'wrapper' around the LDAP ID provider and Kerberos AUTH provider for the biggest part.
I'm afraid there is not enough information in your e-mail, though..
What exactly doesn't work getting user information or authentication? Can you paste the logs?
Does the LDAP proxy have the same schema as AD uses, same attribute names etc?
Does the LDAP proxy allow anonymous bind? Can you search it with ldapsearch?
sssd-users@lists.fedorahosted.org