[Samba] RODC in DMZ
Benedikt Kaleß forumZFD
benedikt.kaless at forumZFD.de
Tue Jan 21 13:16:37 UTC 2025
Dear all,
we decided to put a RODC in the DMZ. A Keycloak in another site is just
reading this RODC.
Best
Bene
Am 20.01.25 um 00:01 schrieb Kees van Vloten via samba:
>
> Op 29-12-2024 om 20:29 schreef Stefan Kania via samba:
>>
>>
>> Am 13.12.24 um 14:38 schrieb Kees van Vloten via samba:
>>> There is one limitation I forgot to mention: in my config there is a
>>> module "mr_passthru", it is required if you want to do Microsoft
>>> LDAP_MATCHING_RULE_IN_CHAIN queries, e.g. for nested group membership
>>> lookups: "(memberof:1.2.840.113556.1.4.1941:=CN=...) ".
>>>
>>> Openldap does not support these by default.
>>
>> OpenLDAP supports nested groups via acl set ;-), without any aditional
>> overlay
>>
> Did you manage to get that working (with this kind of ldap-proxy)?
>
> If so, could you share some examples?
>
>
> - Kees.
>
>
--
forumZFD
Entschieden für Frieden | Committed to Peace
Benedikt Kaleß
Pronomen: er/ihn | Pronouns: he/him
Leiter IT & facility management | Head IT and facility management
Forum Ziviler Friedensdienst e.V. | Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 9127320 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt | Executive Board:
Alexander Mauz, Sonja Wiekenberg-Mlalandle
VR 17651 Amtsgericht Köln
Spenden | Donations: IBAN: DE90 4306 0967 4103 7264 00 BIC GENODEM1GLS
More information about the samba
mailing list