
Re: OpenLDAP proxy to AD



> Hi all,
>
> I'm setting up OpenLDAP as a proxy to AD so that LDAP queries directed
> to the OpenLDAP proxy then connect to the AD via LDAPS.
>
> OpenLDAP is up and running and the LDAP backend is working fine.
>
> When I submit a query to the proxy server (using ldapsearch) I do not get
> a response (the same query directly to the AD returns what I expect).
>
> e.g. (query modified to protect the innocent :)
>
> ldapsearch -v -h 127.0.0.1 -b "ou=bottom,dc=middle,dc=top"
> "samaccountName=steve"
>
> Running slapd with '-d -1' reveals the following ;
>
>      get_ava: unknown attributeType samaccountName
>
>
> I also have an attribute map in place and the debug reveals the following
> during startup ;
>
>    /usr/local/etc/openldap/slapd.conf: line 35: warning, destination
> attributeType 'samaccountname' is not defined in schema
>

What's your slapd.conf look like on that map entry?

I was able to map using back-meta with this

map attribute mail userPrincipalName

This mapped the AD userPrincipalName to the openldap mail.  I didn't need
to define what userPrincipalName was in openldap.

This is using openldap 2.1.30.