[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap meta + activedirectory

To: openldap-software@OpenLDAP.org
Subject: Re: ldap meta + activedirectory
From: Julien TOUCHE <julien.touche@lycos.com>
Date: Sat, 22 Jan 2005 20:48:57 +0100
In-reply-to: <41F23000.3030202@sys-net.it>
References: <41F22341.30101@lycos.com> <41F23000.3030202@sys-net.it>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Pierangelo Masarati a écrit :

URI: ldap:// or ldaps://; the latter may require tweaking OpenLDAP's
 ldap.conf to provide appropriate CA certificate or to disable CA
cert checking as considered appropriate; see ldap.conf(5) for
details.

for example, is this ok ?
===
database meta
suffix cn=Users, dc=meta, dc=domain, dc=local
uri ldaps://adserver.domain.local/cn=Users,dc=domain,dc=local \
	ldaps://adserver2.domain.local/cn=Users,dc=domain,dc=local
bindn "cn=proxyuser,cn=Users,dc=domain,dc=local"
bindpw "{MD5}secret"
TLS_REQCERT allow
lastmod off
===
which rights need to have proxy user ? Administrators ? or is there
anything more precise ?

ACL: is up to what further restrictions you want to set on data disclosed by the remote server

for now, only an authentification server which use AD, so only name,
username, pw will be used on first glance.

<http://www.openldap.org/faq/data/cache/532.html> for nearly a year,

ok.

thanks
Regards

		Julien

Follow-Ups:
- Re: ldap meta + activedirectory
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- ldap meta + activedirectory
  - From: Julien TOUCHE <julien.touche@lycos.com>
- Re: ldap meta + activedirectory
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: ldap meta + activedirectory
Next by Date: OpenLDAP + SASL + BDB + Heimdal = BDB errors?
Index(es):
- Chronological
- Thread