
Re: OpenLDAP as proxy for Active Directory



Could you detail the steps you took to set up the proxy? We are trying to
accomplish the same kind of thing and I am knocking myself silly trying to
make this happen... Does the proxy require the admin dn/password?

On Fri, 14 Oct 2005 21:23:57 +0200, Jan Schmidt wrote
> Hi list,
> 
> I managed to set up OpenLDAP (2.2.23 on SuSE 9.3) as a read-only proxy 
> to our Active Directory using the ldap/meta backend. Now I've found 
> two annoying drawbacks.
> 
> (1) One strange behaviour is that an ldapsearch on the proxy returns 
> only a subset of the available attributes of the object. The same 
> ldapsearch to the Active Directory returns the full set.
> 
> (2) Active Directory allows uid@domain as bindDN. While slapd is 
> configured to be a proxy it doesn't send the bindDN to the AD but 
> parses it. This results in an error message:
>   <= ldap_bv2dn(uid@domain)=-4 Decoding error
>   bind: invalid dn (uid@domain)
> I tried to do the rewrite stuff mentioned in slapd-meta.5 but it 
> doesn't work.
> 
> Can somebody give me some hints or has anyone got a fully functional 
> AD-proxy configuration?
> 
> Best regards,
>      Jan Schmidt
> 
> ---------------------------------------------------------------
> AG Anwendungen/Multimedia Rechenzentrum Universität Greifswald
> http://www.multimedia.uni-greifswald.de/
> Tel: +49 3834 861416 Fax: +49 3834 8680016