On Tue, 2017-04-04 at 13:30 +0000, alfonso.pardo@xxxxxxxxx wrote: > Hi!!! > > I am requesting your for ideas or how to. > > I have several clients (100+) that authenticate against DS389 ldap. But some users have his account information in a active directory. I want to authenticate against the DS389 always, but if the account doesn't exit in DS389 I want it delegate the authentication to the active directory. > I think that there needs to be an entry in the Directory Server instance for PTA to work. > I think the solution is the "pass-through authentication plugin", but is it "compatible" with active directory? How can I do it? > Yes it does. Have a look at: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/pam-pta.html You configure SSSD to bind to AD, then you pass through to pam. I hope that helps you, > > Regards! > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx -- Sincerely, William Brown Software Engineer Red Hat, Australia/Brisbane
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
