On Tue, 2017-04-04 at 13:30 +0000, alfonso.pardo@ciemat.es wrote:
> Hi!!!
>
> I am requesting your for ideas or how to.
>
> I have several clients (100+) that authenticate against DS389 ldap. But some users have his account information in a active directory. I want to authenticate against the DS389 always, but if the account doesn't exit in DS389 I want it delegate the authentication to the active directory.
>
I think that there needs to be an entry in the Directory Server instance
for PTA to work.
> I think the solution is the "pass-through authentication plugin", but is it "compatible" with active directory? How can I do it?
>
Yes it does. Have a look at:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/pam-pta.html
You configure SSSD to bind to AD, then you pass through to pam. I hope
that helps you,
>
> Regards!
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
--
Sincerely,
William Brown
Software Engineer
Red Hat, Australia/Brisbane
No comments:
Post a Comment