Tuesday, August 2, 2022

[389-users] Forward LDAP Auth SASL or SSSD


We try to migrate from slapd to 389-dirserver.

Authentication is only used by our application login, not for system logon.

We forward our ldap authentication to a central ldap server


ldap_bind_dn: cn=binduser,ou=emea,o=services
ldap_bind_pw: secret
ldap_search_base: o=auth
ldap_timeout: 3
ldap_time_limit: 10
ldap_filter: (&(objectClass=inetOrgPerson)(uid=%u))

mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /run/sasl2/mux

and sysconfig/saslauthd

And a simple user attribute:     userpassword: {SASL}johndoe

It would be great it saslauthd is supported in 389-DS, but I fear it isn't.

I wonder how to configure 389-ds to use this simple LDAP auth
forwarding. I could not find anything about this in the docs (or I'm too
dumb..). I tried sssd but no luck yet, reconfiguration of PAM is not
It would be grateful to get a working example ( like the one above)


389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment