Good Morning,

I'm afraid my Google-fu is failing me, this morning. Synchronizing 389-ds with Active Directory is well understood.[1] However, for various non-technical reasons, I won't be able to do that for this environment.

What I need 389-ds to do is receive an ID/Auth requests from an LDAP client, forward that request into the AD environment, and then pass the response back to the end client. I suppose I would be tasking 389-ds to act as an AD proxy server, without doing full synchronization.

For bonus points, I will be loading sudoers information[2] into 389-ds and using it for *nix privilege authorization. So, "ou=SUDOers,dc=example,dc=com" would be locally served, while "ou=People,dc=example,dc=com" and "ou=Groups,dc=example,dc=com" would be forwarded. (My SudoUser attributes will use user and group names returned from AD.)

Is using 389-ds as a AD proxy documented somewhere? Am I just not finding it?

Thanks!

David

[1] - http://directory.fedoraproject.org/wiki/Howto:WindowsSync

[2] - http://www.sudo.ws/sudoers.ldap.man.html

--

David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support

----5----1----5----2----5----3----5----4----5----5----5----6----5----7--

Werner Heisenberg is driving down the autobahn. A police officer pulls
him over. The officer says, "Excuse me, sir, do you know how fast you
were going?"
"No," replies Dr. Heisenberg, "but I know where I am."

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users