[Samba] RODC in DMZ

Benedikt Kaleß forumZFD benedikt.kaless at forumZFD.de
Tue Jan 21 13:16:37 UTC 2025


Dear all,

we decided to put a RODC in the DMZ. A Keycloak in another site is just 
reading this RODC.

Best
Bene

Am 20.01.25 um 00:01 schrieb Kees van Vloten via samba:
> 
> Op 29-12-2024 om 20:29 schreef Stefan Kania via samba:
>>
>>
>> Am 13.12.24 um 14:38 schrieb Kees van Vloten via samba:
>>> There is one limitation I forgot to mention: in my config there is a 
>>> module "mr_passthru", it is required if you want to do Microsoft 
>>> LDAP_MATCHING_RULE_IN_CHAIN queries, e.g. for nested group membership 
>>> lookups: "(memberof:1.2.840.113556.1.4.1941:=CN=...) ".
>>>
>>> Openldap does not support these by default.
>>
>> OpenLDAP supports nested groups via acl set ;-), without any aditional 
>> overlay
>>
> Did you manage to get that working (with this kind of ldap-proxy)?
> 
> If so, could you share some examples?
> 
> 
> - Kees.
> 
> 

-- 
forumZFD
Entschieden für Frieden | Committed to Peace
Benedikt Kaleß
Pronomen: er/ihn | Pronouns: he/him
Leiter IT & facility management | Head IT and facility management
Forum Ziviler Friedensdienst e.V. | Forum Civil Peace Service

Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 9127320 | Fax 0221 91273299 |
http://www.forumZFD.de

Vorstand nach § 26 BGB, einzelvertretungsberechtigt | Executive Board:
Alexander Mauz, Sonja Wiekenberg-Mlalandle
VR 17651 Amtsgericht Köln

Spenden | Donations: IBAN: DE90 4306 0967 4103 7264 00   BIC GENODEM1GLS




More information about the samba mailing list