LDAP connector for SAML

Question

I'm looking for a SAML-LDAP bridge. I am trying to get company macs to authenticate against Centrify Cloud (no AD, we don't plan on implementing it). I can federate access to Centrify Identity Service using SAML, but Macs can only connect to LDAP servers. I must admit I'm new to LDAP (as I've always been using AD) and have no idea how to set it up.

I've been scouring the net for the past 2 days to find a way to do this, but I've found no clues on how to achieve it.

I would appreciate any help with this.

Answer 1

I found a way! There is a platform called Foxpass, that does exactly that - it can forward LDAP authentication requests to Google and build a cloud ldap directory on top of that. It also features a radius server as a bonus.

I tested it a bit and it seems to work as advertised. So for those who plan on building a fully functional directory service on top of Google Apps, I'd say Centrify+Foxpass is the way :)

Answer 2

I am a little bit confused here: - Centrify states on their website, that they can manage Macs - LDAP is in it basic structure (as AD is) a directory service So I am wondering why you would want LDAP (without planing to implement a directory service). What is Centrify lacking and what was their response to your request?

If you want to widen your scope on that Identity/SAML topic, take a look at UCS (my customers use Linux, Win, Mac and it works fine for authentication and id.mgm): https://www.univention.com/products/univention-app-center/app-catalog/simplesamlphp/

Here to clarify on LDAP: https://www.univention.com/2016/08/brief-introduction-whats-behind-the-terms-ldap-and-openldap/