Hi
We try to migrate from slapd to 389-dirserver.
Authentication is only used by our application login, not for system logon.
We forward our ldap authentication to a central ldap server
saslauthd:
ldap_servers
ldap_bind_dn: cn=binduser,ou=emea,o=services
ldap_bind_pw: secret
ldap_search_base: o=auth
ldap_timeout: 3
ldap_time_limit: 10
ldap_filter: (&(objectClass=inetOrgPerson)(uid=%u))
sasl2/slapd:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /run/sasl2/mux
and sysconfig/saslauthd
SASLAUTHD_AUTHMECH=ldap
And a simple user attribute: userpassword: {SASL}johndoe
It would be great it saslauthd is supported in 389-DS, but I fear it isn't.
I wonder how to configure 389-ds to use this simple LDAP auth
forwarding. I could not find anything about this in the docs (or I'm too
dumb..). I tried sssd but no luck yet, reconfiguration of PAM is not
allowed....
It would be grateful to get a working example ( like the one above)
Thanx
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment