--On Tuesday, February 11, 2025 6:47 AM -0500 Dino Edwards <dino.edwa...@mydirectmail.net> wrote:

Trying to get pass-through authentication working; however, I'm running
into the following error in OpenLDAP:


Is the system it's supposed to auth against another LDAP server? If so, I
would recommend slapo-remoteauth instead:

Hi, thanks for replying.

Yes, the plan is to auth against AD. I didn't even know about remoteauth,
which looks much simpler to implement. The problem I'm facing is that I'm
attempting to utilize the bitnami openldap container to accomplish this,
and the documentation you pointed to talks about editing the slapd.conf
file, which the bitnami container does not utilize. Instead it utilizes the
dynamic runtime configuration engine for config flexibility, which
requires an LDIF database instead. I'm not familiar enough with openldap
to configure that.

I would suggest you start with a local installation and then adapt the container configuration from there.

But here's an example for cn=config; you'd probably have to adjust it for your own environment.

dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldaps://ad.example.com:636
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ldaps://ad.example.com:636
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3


--Quanah
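The example entry above forwards every bind password to the remote realm, so the transport settings in olcRemoteAuthTLS decide whether a forged AD endpoint can collect those passwords. The following is an added checker, not code from the thread or from OpenLDAP: it parses a cn=config overlay entry (RFC 2849 line folding and comments handled) and flags the settings a reviewer would question. The sample entry is the one posted above; the hardened variant, the CA path, and the interpretation of the olcRemoteAuthTLS keywords (tls_reqcert, starttls=yes vs. critical, tls_cacert, as documented for slapo-remoteauth) are assumptions to verify against your slapd version.

```python
"""Lint a slapo-remoteauth cn=config entry for transport settings that weaken
pass-through authentication (hypothetical checker, not part of OpenLDAP)."""

# Constructed sample: the cn=config entry posted in the thread, reproduced as-is.
SAMPLE_LDIF = """\
dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldaps://ad.example.com:636
olcRemoteAuthDNAttribute: seeAlso
olcRemoteAuthDomainAttribute: maildrop
olcRemoteAuthDefaultDomain: default
olcRemoteAuthDefaultRealm: ldaps://ad.example.com:636
olcRemoteAuthStore: FALSE
olcRemoteAuthRetryCount: 3
"""

# Constructed hardened variant: verify the AD certificate against a pinned CA file.
# The CA path is a placeholder; keyword names follow the slapo-remoteauth manpage
# as assumed here.
HARDENED_LDIF = SAMPLE_LDIF.replace(
    "olcRemoteAuthTLS: starttls=yes tls_reqcert=never",
    "olcRemoteAuthTLS: tls_reqcert=demand tls_cacert=/etc/ssl/certs/ad-ca.pem",
)


def parse_ldif_entry(text):
    """Parse a single LDIF entry into {lowercased attr: [values]}.

    Handles RFC 2849 line folding (continuation lines start with a space) and
    '#' comments. Base64 ('::') and URL (':<') values do not occur in cn=config
    overlay entries like this one and are left as raw strings.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # fold continuation line onto previous
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def remote_realms(entry):
    """Collect remote server URIs: second token of each mapping plus the default realm."""
    uris = set()
    for mapping in entry.get("olcremoteauthmapping", []):
        parts = mapping.split()           # "<domain> <uri>"
        if len(parts) >= 2:
            uris.add(parts[1])
    uris.update(entry.get("olcremoteauthdefaultrealm", []))
    return sorted(uris)


def lint_remoteauth(entry):
    """Return human-readable findings; an empty list means no weak setting was found."""
    findings = []
    tls_opts = {}
    for value in entry.get("olcremoteauthtls", []):
        for token in value.split():       # "key=value" tokens
            key, _, val = token.partition("=")
            tls_opts[key.lower()] = val.lower()

    # 1. Peer certificate checking: 'never'/'allow' accept any certificate, so an
    #    impersonated AD endpoint would receive every forwarded password.
    reqcert = tls_opts.get("tls_reqcert")
    if reqcert in ("never", "allow"):
        findings.append(f"tls_reqcert={reqcert}: remote certificate is not verified")

    # 2. Transport: a plain ldap:// realm needs starttls=critical; with 'yes' a
    #    failed StartTLS is assumed to be tolerated and the bind goes out in cleartext.
    for uri in remote_realms(entry):
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldap" and tls_opts.get("starttls") != "critical":
            findings.append(f"{uri}: ldap:// without starttls=critical may bind in cleartext")

    # 3. Password caching: remoteauth_store copies a successful password into the
    #    local entry, so a local directory dump also exposes AD credentials.
    if any(v.upper() == "TRUE" for v in entry.get("olcremoteauthstore", [])):
        findings.append("olcRemoteAuthStore TRUE: remote passwords are stored locally")

    return findings


if __name__ == "__main__":
    for name, text in (("posted", SAMPLE_LDIF), ("hardened", HARDENED_LDIF)):
        print(name, lint_remoteauth(parse_ldif_entry(text)) or ["ok"])
```

Run against the posted entry the checker reports only the tls_reqcert=never finding; the ldaps:// realms and olcRemoteAuthStore FALSE are fine. Feeding it the output of `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcOverlay=*remoteauth*` lets you re-check a live container after adapting the entry.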
