Hi Willam Brown, I've tried to follow this document for pass through authentication https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/using_the_pass_through_authentication_plug_in For that i've create two 389ds ldap servers i've created ldap1 with ldap1.inf # ldap1.inf [general] config_version = 2 [slapd] self_sign_cert = False instance_name = ldap1 port = 1389 # root_dn (str) # Description: Sets the Distinquished Name (DN) of the administrator account for this instance. # Default value: cn=Directory Manager root_dn = cn=ldap2 # root_password (str) # Description: Sets the password of the account specified in the "root_dn" parameter. You can either set this parameter # to a plain text password dscreate hashes during the installation or to a "{algorithm}hash" string generated by the pwdhash utility. # Note that setting a plain text password can be a security risk if unprivileged users can read this INF file! # Default value: Directory_Manager_Password root_password = #CEEadmin123 [backend-userroot] sample_entries = yes suffix = dc=openstack,dc=org Ldap2 with below file ldap2.inf # ldap2.inf [general] config_version = 2 [slapd] self_sign_cert = False instance_name = ldap2 port = 2389 # root_dn (str) # Description: Sets the Distinquished Name (DN) of the administrator account for this instance. # Default value: cn=Directory Manager root_dn = cn=ldap2 # root_password (str) # Description: Sets the password of the account specified in the "root_dn" parameter. You can either set this parameter # to a plain text password dscreate hashes during the installation or to a "{algorithm}hash" string generated by the pwdhash utility. # Note that setting a plain text password can be a security risk if unprivileged users can read this INF file! # Default value: Directory_Manager_Password root_password = #CEEadmin123 [backend-userroot] sample_entries = yes suffix = dc=openstack,dc=org Created a "ou=users" for ldap1 and added users under that "ou=users" ceeinfra@infra3:~/389ds/ldap2> sudo dsidm -b "dc=openstack,dc=org" slapd-ldap1 account list dc=openstack,dc=org ou=groups,dc=openstack,dc=org ou=people,dc=openstack,dc=org ou=permissions,dc=openstack,dc=org ou=services,dc=openstack,dc=org uid=demo_user,ou=people,dc=openstack,dc=org cn=demo_group,ou=groups,dc=openstack,dc=org ou=users,dc=openstack,dc=org uid=ldap1_user1,ou=users,dc=openstack,dc=org uid=ldap1_user2,ou=users,dc=openstack,dc=org uid=ldap1_user3,ou=users,dc=openstack,dc=org Created a "ou==people" for ldap2 and added users under that "ou=people" ceeinfra@infra3:~/389ds/ldap2> sudo dsidm -b "dc=openstack,dc=org" slapd-ldap2 account list dc=openstack,dc=org ou=groups,dc=openstack,dc=org ou=people,dc=openstack,dc=org ou=permissions,dc=openstack,dc=org ou=services,dc=openstack,dc=org uid=demo_user,ou=people,dc=openstack,dc=org cn=demo_group,ou=groups,dc=openstack,dc=org uid=ldap2_user1,ou=people,dc=openstack,dc=org uid=ldap2_user2,ou=people,dc=openstack,dc=org uid=ldap2_user3,ou=people,dc=openstack,dc=org Now i've followed your the steps from this link https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/using_the_pass_through_authentication_plug_in and i ran below commands to pass through from ldap1 to ldap2 users to dsconf -D "cn=ldap1" ldap://infra3:1389 plugin pass-through-auth enable dsconf -D "cn=ldap1" ldap://infra3:1389 plugin pass-through-auth url add "ldap://infra3:2389/ou=people"; and restarted sudo dsctl slapd-ldap1 restart Can you tell me how to verify the users of ldap2 to get authenticated with ldap1 server(below are the points from the documentation) The user directory is now configured to send all bind requests for entries with a DN containing o=RedHat to the configuration directory authdir.example.com. The user directory allows any user from o=RedHat to bind. 1) Can you also tell me if i've two ldap's whose suffixes are not same i.e. for ldap1 id suffix is dc=openstack,dc=com for ldap2 suffix is dc=nitesh,com=org Can i do pass through authentication or chaining between those two LDAP's? 2) Can you tell me how to check bind of the users with ldapserver also ? I'm literally new to 389ds please bare with my questions. Regards Nitesh _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
