[TriLUG] OpenLDAP Question
David Brain
dbrain at gmail.com
Thu Aug 4 21:41:12 EDT 2011
Hi,
So the client device (Cisco ASA) has rather limited LDAP functionality
- I'm only allowed a basedn and a field that becomes a filter for
'uid=<nameyoutypedin>' - there's no (obvious at least to me) way to
specify additional filters - if I could I'd just solve the whole thing
with a memberOf=<specialgroup>.
At the other end the directory is openldap (well free-ipa) which doesn't
seem to allow for much in the way of anything other than groups, and I
can't make any changes there anyway much as it's a live system with
other dependents.
David.
On Thu, Aug 4, 2011 at 7:16 PM, Matt Pusateri
<mpusateri at wickedtrails.com> wrote:
> I'm still trying to figure out what the problem of the device is? Can it not traverse the ldap tree and do sub searches? I assume there is some interface for adding the ldap server config and some point in the ldap tree to bind to? A little more info on how it's setup and what fields you can populate might help.
>
> Matt P.
> On Aug 3, 2011, at 11:40 AM, David Brain wrote:
>
>> Hi,
>>
>> Slightly off topic - but thought this might be as good a place to ask
>> this as any..
>>
>> Is it possible to set up a proxy OpenLDAP server that serves a 'view'
>> of its backend server's data based on an LDAP filter? I'm trying to
>> get a reluctant network device to auth through LDAP, and all would be
>> well if it could just use a filter, however as it's a closed system
>> it's just not possible, so my first thought for a solution is to run a
>> proxy LDAP server that 'pre-filters' the data.
>>
>> Any thoughts or alternate solutions welcomed...
>>
>> David.
>> --
>> This message was sent to: M. Pusateri <mpusateri at wickedtrails.com>
>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/mpusateri%40wickedtrails.com
>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>