Good Morning,
I'm afraid my Google-fu is failing me this morning. Synchronizing 389-ds with Active
Directory is well understood.[1] However, for various non-technical reasons, I won't
be able to do that for this environment.
What I need 389-ds to do is receive an ID/Auth request from an LDAP client, forward that
request into the AD environment, and then pass the response back to the end client. I
suppose I would be tasking 389-ds to act as an AD proxy server, without doing full
synchronization.
For bonus points, I will be loading sudoers information[2] into 389-ds and using it for
*nix privilege authorization. So, "ou=SUDOers,dc=example,dc=com" would be
locally served, while "ou=People,dc=example,dc=com" and
"ou=Groups,dc=example,dc=com" would be forwarded. (My SudoUser attributes will
use user and group names returned from AD.)
Is using 389-ds as an AD proxy documented somewhere? Am I just not finding it?
Thanks!
David
[1] - http://directory.fedoraproject.org/wiki/Howto:WindowsSync
[2] - http://www.sudo.ws/sudoers.ldap.man.html
--
David - Offbeat
http://dafydd.livejournal.com
dafydd - Online
http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Werner Heisenberg is driving down the autobahn. A police officer pulls
him over. The officer says, "Excuse me, sir, do you know how fast you
were going?"
"No," replies Dr. Heisenberg, "but I know where I am."