Le 14/01/2019 à 09:01, Martin Toth a écrit :
> Ok, I will reconfigure it to meta. But how is it possible to use
> Pass-Trough authentication with SASL when I will not be able to create
> user object in this meta directory for authentification.
> I mean user with "userPassword: {SASL}[email protected]
> <mailto:sasl%[email protected]>” so it will auth against SASL.. as
> mentioned
> in https://ltb-project.org/documentation/general/sasl_delegation. As
> far as I know I can’t create objects in meta.
>Indeed, I think you did not perfectly understood the tutorial. You must have a main LDAP directory which contains entries. In these entries, the userPassword will be an SASL password, that will tell OpenLDAP to forward authentication to saslauthd. Il you only have one AD, there is no more to do, as you can configure saslauthd to authenticate against AD. But il you need to manager more than one AD, then you will be forced to create a proxy directory, that will be used by saslauthd. By the way, this discussion would be more accurate on ltb-users mailing list, as we are not talking about issues in LTB tools code. -- Clément Oudot | Identity Solutions Manager [email protected] Worteks | https://www.worteks.com
_______________________________________________ ltb-dev mailing list [email protected] https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-dev
