Good Morning,

I'm afraid my Google-fu is failing me this morning.

Synchronizing 389-ds with Active Directory is well understood.[1] However, for various non-technical reasons, I won't be able to do that for this environment.

What I need 389-ds to do is receive ID/Auth requests from an LDAP client, forward those requests into the AD environment, and then pass the response back to the end client. I suppose I would be tasking 389-ds to act as an AD proxy server, without doing full synchronization.

For bonus points, I will be loading sudoers information[2] into 389-ds and using it for *nix privilege authorization. So, "ou=SUDOers,dc=example,dc=com" would be locally served, while "ou=People,dc=example,dc=com" and "ou=Groups,dc=example,dc=com" would be forwarded. (My SudoUser attributes will use user and group names returned from AD.)

Is using 389-ds as an AD proxy documented somewhere? Am I just not finding it?

Thanks!

David

--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Werner Heisenberg is driving down the autobahn. A police officer pulls him over. The officer says, "Excuse me, sir, do you know how fast you were going?" "No," replies Dr. Heisenberg, "but I know where I am."