On Mon, Jan 7, 2019 at 5:53 PM Dan White <[email protected]> wrote:
> On 01/07/19 16:18 -0500, [email protected] wrote:
> >I am using openldap proxy today with ldap backend.
> >
> >Any suggestions on how to use kerberos as the backend?
> >
> >Here is my config (sanitized)
> >
> >$ cat slapd.conf
> >
> >### Database definition (Proxy to AD)
> >#########################################
> >database ldap
> >readonly yes
> >protocol-version 3
> >rebind-as-user yes
> >uri "ldaps://ldap.example.com:1636"
> >suffix "ou=People,dc=example,dc=net"
>
> I'm not clear on where kerberos authentication fits in this scenario, but
> the two pieces of documentation to start with would be the slapo-ldap
> manpage, and the OpenLDAP Software 2.4 Administrator's Guide, section 14.5,
> and chapter 15.
>
> If that doesn't address your question, please provide more detail, including
> how your clients authenticate with the proxy server.
>

I do not see any slapo-ldap in my search for man page in openldap site

http://www.openldap.org/software/man.cgi?query=slapo*&sektion=0&manpath=OpenLDAP+2.4-Release&apropos=1&format=html

So on my client I like to point to kerberos proxy for authentication.

Today I am using ldap proxy with -H ldaps://127.0.0.1 and it works fine like below

ldapsearch -LLL -x -y ~/.ldap-pass -H ldaps://127.0.0.1 uid=foo

And under sssd ldap auth works fine like below

auth_provider = ldap
ldap_uri = ldaps://127.0.0.1

I want to start using kerberos setting like below and start using kerberos for authentication

auth_provider = krb5
krb5_server = 127.0.0.1:88

But I do not have anything running on port 88

Maybe I am not understanding how to implement kerberos proxy.

Appreciate any help.

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
