Hello, everyone, I have a use-case where I'd like to configure ApacheDS to store some information, including user accounts, but I'd like authentication for those user accounts to be passed through to my company's Active Directory system. I believe, from what I'm reading, this is possible, either via SASL or GSSAPI.
I'm currently trying to configure SASL, but hitting a couple of blocks, and could use some help getting past them. Here's what I've got so far...

* A server running Rocky Linux onto which I've installed ApacheDS (ldap1.example.com)
* On this server, I've also installed and configured realmd, adcli, and saslauthd.
* I've joined this server to my AD domain, and added ldap/ldap1.example.com to servicePrincipalName.
* I can successfully authenticate using testsaslauthd with "ldap" as the service, EXAMPLE.COM as the realm, and a valid AD user.
* In ApacheDS, I've configured the following settings:
    SASL Host: ldap1.example.com (hostname of the server ApacheDS is running on)
    SASL Principal: ldap/ldap1.example....@example.com
    Search Base DN: OU=ApacheDS,DC=example,DC=com (The root OU of my ApacheDS install.)
    SASL Realms: EXAMPLE.COM
* I created a user within the OU=ApacheDS,DC=example,DC=com container in ApacheDS, account1, which matches a user that already exists in Active Directory.
* I now try to authenticate to ApacheDS in Directory Studio, for example, using variations of this user account (RDN, account1, accou...@example.com, etc.), and get various errors:
    - [LDAP result code 49 - invalidCredentials] INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Nonexistent realm: EXAMPLE.COM
    - [LDAP result code 49 - invalidCredentials] INVALID_CREDENTIALS: CRAM-MD5: username not found: accou...@example.com
    - [LDAP result code 49 - invalidCredentials] INVALID_CREDENTIALS: CRAM-MD5: username not found: cn=account1,OU=ApacheDS,DC=example,DC=com

I'm sure I'm just missing something basic, here, but can someone point me in the right direction for what I need to do to finish tying this together?

Thanks,
Nick