On Tue, 2018-11-06 at 12:37 -0500, Mark Reynolds wrote: > On 11/6/18 4:04 AM, LHEUREUX Bernard wrote: > > Hi all, > > > > I'm pretty new in the usage of 389-DS and I would like to know if > > some of you could help me achieve a feature that would: > > > > Have a 389-Directory server in front of AD Domain Controllers > > acting as "ldap proxy" to protect access to the DC but allowing to > > authenticate users with their LDAP AD account AND allowing to > > retrieve the list of Groups members (via filters) of the AD through > > PTA ? > > > > Is that possible and how could achieve this ? > > Yes, but you need to use SSSD as well: > > https://access.redhat.com/documentation/en-us/red_hat_directory_serve > r/10/html/administration_guide/pam-pta#pam-pta-sssd > > I personally have not done this, but it is documented in the > Administration Guide If we ever get really bored (and I mean really bored ;) ) we could create this as a lib389 test case. > > HTH, > Mark > > > > > Thanks for your help > > > > Bernard Lheureux. > > Ce message transmis par voie électronique ainsi que toutes ses > > annexes contiennent des informations qui peuvent être > > confidentielles ou protégées. Ces informations sont uniquement > > destinées à l’usage des personnes ou des entités précisées dans les > > champs ‘A’, ‘Cc’ et ‘Cci’. Si vous n’êtes pas l’un de ces > > destinataires, soyez conscient que toute forme, partielle ou > > complète, de divulgation, copie, distribution ou utilisation de ces > > informations est strictement interdite. Si vous avez reçu ce > > message par erreur, veuillez nous en informer par téléphone ou par > > message électronique et détruire les informations immédiatement. Ce > > message n’engage que son signataire et aucunement son employeur. > > _______________________________________________ > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to 389-users-leave@lists.fedoraproject > > .org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidel > > ines > > List Archives: https://lists.fedoraproject.org/archives/list/389-us > > ers@xxxxxxxxxxxxxxxxxxxxxxx > > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelin > es > List Archives: https://lists.fedoraproject.org/archives/list/389-user > s@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
