Ah-ha! It's all in the wording. Once I got a clue to search on "database chaining," I found the right docs...
db On Mar 12, 2013, at 09:46, David Barr <daf...@dafydd.com> wrote: > Good Morning, > > I'm afraid my Google-fu is failing me, this morning. Synchronizing 389-ds > with Active Directory is well understood.[1] However, for various > non-technical reasons, I won't be able to do that for this environment. > > What I need 389-ds to do is receive an ID/Auth requests from an LDAP client, > forward that request into the AD environment, and then pass the response back > to the end client. I suppose I would be tasking 389-ds to act as an AD proxy > server, without doing full synchronization. > > For bonus points, I will be loading sudoers information[2] into 389-ds and > using it for *nix privilege authorization. So, "ou=SUDOers,dc=example,dc=com" > would be locally served, while "ou=People,dc=example,dc=com" and > "ou=Groups,dc=example,dc=com" would be forwarded. (My SudoUser attributes > will use user and group names returned from AD.) > > Is using 389-ds as a AD proxy documented somewhere? Am I just not finding it? > > Thanks! > David > > [1] - http://directory.fedoraproject.org/wiki/Howto:WindowsSync > [2] - http://www.sudo.ws/sudoers.ldap.man.html > > -- > > David - Offbeat http://dafydd.livejournal.com > dafydd - Online http://pgp.mit.edu/ > Battalion 4 - Black Rock City Emergency Services Department > Integrity*Commitment*Communication*Support > > ----5----1----5----2----5----3----5----4----5----5----5----6----5----7-- > > Werner Heisenberg is driving down the autobahn. A police officer pulls > him over. The officer says, "Excuse me, sir, do you know how fast you > were going?" > "No," replies Dr. Heisenberg, "but I know where I am." > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- David - Offbeat http://dafydd.livejournal.com dafydd - Online http://pgp.mit.edu/ Battalion 4 - Black Rock City Emergency Services Department Integrity*Commitment*Communication*Support ----5----1----5----2----5----3----5----4----5----5----5----6----5----7-- Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?" Descartes ponders a moment and replies, "I think not." And promptly disappears...
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users