When you run an OpenLDAP server alongside a Kerberos server, you run into the problem of double password management.
However, OpenLDAP can be configured to pass all bind requests through to another server or service.
This example requires an OpenLDAP server and a Kerberos server that are already running.
Execute the following steps to set up pass-through authentication:
Install the cyrus-sasl and cyrus-sasl-gssapi packages.
Add the following lines to the /etc/sysconfig/saslauthd file:
MECH=kerberos5
FLAGS=
Create the file /etc/sasl2/slapd.conf.
Add the following lines to this file:
The server configuration is now complete.
To set up pass-through authentication for a specific user, change the userPassword of this user to
When an ldapsearch with a simple bind is now performed, the authentication should succeed.
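
The procedure above only removes the double password for accounts whose userPassword has actually been switched over. The following Python script is an added example, not part of the original page: it audits an LDIF export and reports which entries are pass-through, which still carry a locally stored password, and which carry both. It assumes the `{SASL}` userPassword scheme described in the OpenLDAP Admin Guide, which this page does not spell out; the `audit` helper and the sample entries are constructed for illustration.

```python
import base64
import re

def _b64(text):
    return base64.b64encode(text.encode()).decode()

def _decode(rest):
    """Value after the first ':' of an LDIF line; a second ':' marks base64."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def _scheme(value):
    m = re.match(r"\{([^}]+)\}", value)
    return m.group(1).upper() if m else "CLEARTEXT"

def audit(ldif):
    """Return {dn: (status, sasl_principals, local_schemes)}; hashes are never echoed."""
    report = {}
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join folded continuation lines
    for entry in re.split(r"\n\s*\n", unfolded.strip()):
        dn, values = None, []
        for line in entry.splitlines():
            attr, _, rest = line.partition(":")
            if attr.lower() == "dn":
                dn = _decode(rest)
            elif attr.lower() == "userpassword":
                values.append(_decode(rest))
        if dn is None:
            continue  # e.g. the "version: 1" header block
        sasl = [v[6:] for v in values if _scheme(v) == "SASL"]
        local = [_scheme(v) for v in values if _scheme(v) != "SASL"]
        status = ("mixed" if sasl and local else "local" if local
                  else "pass-through" if sasl else "none")
        report[dn] = (status, sasl, local)
    return report

# Constructed sample export (not from the page); the hash is a placeholder.
_BASE = ",ou=people,dc=example,dc=org"
_ALICE, _HASH = _b64("{SASL}alice@EXAMPLE.ORG"), _b64("{SSHA}constructed-placeholder")
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice" + _BASE, "userPassword:: " + _ALICE[:20], " " + _ALICE[20:], "",
    "dn: uid=bob" + _BASE, "userPassword:: " + _HASH, "",
    "dn: uid=carol" + _BASE, "userPassword: {SASL}carol@EXAMPLE.ORG",
    "userPassword:: " + _HASH, "",
    "dn: uid=dave" + _BASE, "cn: dave",
])

if __name__ == "__main__":
    for dn, (status, sasl, local) in audit(SAMPLE_LDIF).items():
        print(f"{status:13} {dn} sasl={sasl} local={local}")
```

An entry reported as mixed still accepts its old locally stored password next to the Kerberos one, so the leftover value should be removed once pass-through is confirmed to work.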