On 08/12/10 10:05 +0100, Rudy Gevaert wrote: >On 12/07/2010 10:33 PM, Dan White wrote: > >> If both domains can authenticate via LDAP (or Kerberos), you might check >> out a recent thread on the OpenLDAP-technical list titled 'Pass-Through >> authentication', which discusses a couple of alternatives. > >Hi Dan, I can't find what you are referring through in their archives. >Can you give me an other pointer please. Sure, You can find it here: http://www.openldap.org/lists/openldap-technical/201011/msg00184.html The gist of the thread is that the poster had multiple AD servers that the he wanted to authenticate to, and there were two solutions given: 1. Perform Kerberos authentication from saslauthd. 2. Set up a back-meta relay from within OpenLDAP to hide the AD servers behind, and do LDAP authentication from saslauthd. A couple of other possibilities: If your libsasl is compiled with courier authdaemon support, you might be able to do: sasl_pwcheck_method: saslauthd authdaemond sasl_saslauthd_path: /path/to/zimbra/mux sasl_authdaemond_path: /path/to/courier/authdaemon And then configure authdaemond to authenticate to AD via LDAP. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
