2013/6/12 Jason Brandt <[email protected]>:
> We run in a mixed environment, with both Active Directory and LDAP directory
> servers. Some users exist in both LDAP and AD, while some are just in AD.
> As such, we always have obstacles with password sync between directories.
>
> Is it possible, to set up an OpenLDAP proxy (if that's the correct term),
> which would authenticate via Active Directory if the user exists there (or
> if a flag is present in the LDAP entry, etc), otherwise via LDAP if the user
> is not an AD user, thereby eliminating the need to store the password in
> both directories? Directory information would otherwise be pulled from the
> LDAP server, not from Active Directory.

You could use pass-through authentication with SASL. See
http://ltb-project.org/wiki/documentation/general/sasl_delegation

Clément.
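
The per-entry "flag" asked about above, as an added example that is not part of the original thread: with OpenLDAP pass-through authentication, a `userPassword` value of the form `{SASL}user@realm` hands the bind to saslauthd, while any other value is verified locally. This script audits an LDIF export to show which entries delegate and which still hold a local hash; the sample entries, the realm, and the function names are constructed for illustration.

```python
import base64
# Constructed sample LDIF export (placeholder names and realm, not from the thread).
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=org\n"
    "userPassword: {SASL}alice@AD.EXAM\n"
    " PLE.ORG\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword:: %s\n"
    "\n"
    "dn: uid=carol,ou=people,dc=example,dc=org\n"
    "userPassword: {SASL}carol@AD.EXAMPLE.ORG\n"
    "userPassword: {SSHA}constructed-hash\n"
    "\n"
    "dn: uid=dave,ou=people,dc=example,dc=org\n"
) % base64.b64encode(b"{SSHA}constructed-hash").decode()

def parse_ldif(text):
    """Return {dn: [userPassword values]} for each entry in LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):            # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
            entries[dn] = []
        elif attr.lower() == "userpassword" and dn is not None:
            entries[dn].append(value)
    return entries

def classify(values):
    if not values:
        return "no-password"
    sasl = [v.lower().startswith("{sasl}") for v in values]
    if all(sasl):
        return "delegated"                  # bind is handed to saslauthd
    return "both" if any(sasl) else "local"  # "both": a local hash is kept too

def audit(text):
    return {dn: classify(vals) for dn, vals in parse_ldif(text).items()}
```

Entries reported as `both` still store a password in the LDAP directory next to the delegation value, which is the duplication the original question wanted to eliminate.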
