
Re: Proxy to Active Directory: lost field



Bogdan B. Rudas wrote:
Hello.

I use OpenLDAP as proxy for M$ AD.
The problem is: I can set a filter only by some fields like CN or Name.
I can't query AD by sAMAccountName via the proxy. Also I can't see many AD-specific fields while browsing AD via the OpenLDAP proxy.



Request to proxy:

ldapsearch -M -LLL -H ldap://localhost:389 -x -D
"cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w
password -x -b "dc=domain,dc=company,dc=com"
'(sAMAccountName=bogdan.rudas)'  sAMAccountName

Return nothing.

Request directly to AD LDAP:

ldapsearch -M -LLL -H ldap://ADserver.domain.company.com:1234 -x -D
"cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w
password -x -b "dc=domain,dc=company,dc=com"
'(sAMAccountName=bogdan.rudas)'  cn

Returns:

dn: CN=Bogdan Rudas.......skipped....
cn: Bogdan Rudas


Yet another request to proxy:

ldapsearch -M -LLL -H ldap://ADserver.domain.company.com:1234 -x -D
"cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w
password -x -b "dc=domain,dc=company,dc=com" '(name=Bogdan Rudas)'  cn
sAMAccountName

dn: cn=Bogdan Rudas.......skip.....
cn: Bogdan Rudas
SAMACCOUNTNAME: bogdan.rudas

Slapd version 2.4.11-1
Running on Debian 5.0 amd64

OpenLDAP config:

include  /etc/ldap/schema/core.schema
include  /etc/ldap/schema/cosine.schema
include  /etc/ldap/schema/inetorgperson.schema
pidfile  /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_ldap


access to dn.base="" by * read
access to * by self read by users read by anonymous auth

loglevel   256

######################################################
# database definitions
######################################################

database ldap
suffix  "dc=intra,dc=nival,dc=com"
uri  "ldap://ADserver.domain.company.com:1234"
acl-bind bindmethod=simple
binddn="cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com"
credentials=password
chase-referrals yes

Your proxy knows nothing about those schema items, that's why they are ignored by slapd. You need to extract that information from AD, format it according to slapd's syntax for the "attributeType" and "objectClass" keywords in slapd.conf(5) and pre-load them much like you do with other schema items (the "include <file>.schema" lines above).


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
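The answer above says what has to happen (pull the attribute and class definitions out of AD's schema partition and restate them in slapd.conf "attributetype"/"objectclass" syntax) but not how. The following script is an added example, not part of the original thread and not OpenLDAP project code. It parses an LDIF export of AD attributeSchema/classSchema entries and prints definitions that slapd can load from an included schema file. Assumptions: the embedded LDIF is a constructed, shortened sample of what an export of the AD schema container looks like (the OIDs are the ones Microsoft publishes for these items, but check them against your own export); the AD-syntax-to-LDAP-syntax table is deliberately partial and raises on anything it does not know rather than guessing; names already provided by the schema files slapd has loaded (core.schema, etc.) are skipped so slapd does not refuse to start on a duplicate definition.

```python
"""Turn an AD schema export (LDIF) into slapd.conf attributetype/objectclass lines.

Added example (not the project's code). Run it, redirect stdout to a file and
add an 'include /etc/ldap/schema/ad.schema'-style line before 'database ldap'.
"""
import base64

# Constructed sample of an AD schema export, e.g. what
#   ldapsearch -b "CN=Schema,CN=Configuration,DC=domain,DC=company,DC=com" \
#      "(|(lDAPDisplayName=sAMAccountName)(lDAPDisplayName=user))"
# returns, shortened to the attributes this script needs.
SAMPLE_AD_SCHEMA_LDIF = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=domain,DC=company,DC=com
objectClass: attributeSchema
lDAPDisplayName: sAMAccountName
attributeID: 1.2.840.113556.1.4.221
attributeSyntax: 2.5.5.12
isSingleValued: TRUE

dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=domain,DC=company,DC=com
objectClass: attributeSchema
lDAPDisplayName: userPrincipalName
attributeID: 1.2.840.113556.1.4.656
attributeSyntax: 2.5.5.12
isSingleValued: TRUE

dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=domain,DC=company,DC=com
objectClass: attributeSchema
lDAPDisplayName: cn
attributeID: 2.5.4.3
attributeSyntax: 2.5.5.12
isSingleValued: TRUE

dn: CN=User,CN=Schema,CN=Configuration,DC=domain,DC=company,DC=com
objectClass: classSchema
lDAPDisplayName: user
governsID: 1.2.840.113556.1.5.9
subClassOf: organizationalPerson
objectClassCategory: 1
mayContain: userPrincipalName
systemMayContain: sAMAccountName
"""

# AD attributeSyntax (2.5.5.x) -> LDAP syntax OID. Partial by design (assumption:
# covers the common cases); unknown syntaxes raise instead of being guessed.
AD_SYNTAX_TO_LDAP = {
    "2.5.5.1": "1.3.6.1.4.1.1466.115.121.1.12",   # DN
    "2.5.5.2": "1.3.6.1.4.1.1466.115.121.1.38",   # OID
    "2.5.5.8": "1.3.6.1.4.1.1466.115.121.1.7",    # Boolean
    "2.5.5.9": "1.3.6.1.4.1.1466.115.121.1.27",   # Integer
    "2.5.5.10": "1.3.6.1.4.1.1466.115.121.1.40",  # Octet String
    "2.5.5.11": "1.3.6.1.4.1.1466.115.121.1.24",  # Generalized Time
    "2.5.5.12": "1.3.6.1.4.1.1466.115.121.1.15",  # Unicode -> Directory String
    "2.5.5.16": "1.3.6.1.4.1.1466.115.121.1.27",  # Large Integer
}
# Matching rules slapd needs so the attribute is usable in a filter.
MATCHING_RULES = {
    "1.3.6.1.4.1.1466.115.121.1.12": ("distinguishedNameMatch", None),
    "1.3.6.1.4.1.1466.115.121.1.38": ("objectIdentifierMatch", None),
    "1.3.6.1.4.1.1466.115.121.1.7": ("booleanMatch", None),
    "1.3.6.1.4.1.1466.115.121.1.27": ("integerMatch", None),
    "1.3.6.1.4.1.1466.115.121.1.40": ("octetStringMatch", None),
    "1.3.6.1.4.1.1466.115.121.1.24": ("generalizedTimeMatch", None),
    "1.3.6.1.4.1.1466.115.121.1.15": ("caseIgnoreMatch", "caseIgnoreSubstringsMatch"),
}
# AD objectClassCategory -> slapd kind (0 is the legacy "88 class", treated as structural).
KIND = {"0": "STRUCTURAL", "1": "STRUCTURAL", "2": "ABSTRACT", "3": "AUXILIARY"}


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' base64 values,
    returns one dict per entry with lower-cased attribute names -> list of values."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # folded continuation line
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):            # 'attr:: base64'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def attribute_type_line(entry):
    """Render one attributeSchema entry as a slapd.conf 'attributetype' definition."""
    name, oid = entry["ldapdisplayname"][0], entry["attributeid"][0]
    ad_syntax = entry["attributesyntax"][0]
    syntax = AD_SYNTAX_TO_LDAP.get(ad_syntax)
    if syntax is None:
        raise ValueError(f"{name}: no LDAP syntax mapping for AD syntax {ad_syntax}")
    parts = [f"attributetype ( {oid} NAME '{name}'"]
    equality, substr = MATCHING_RULES.get(syntax, (None, None))
    if equality:
        parts.append(f"EQUALITY {equality}")
    if substr:
        parts.append(f"SUBSTR {substr}")
    parts.append(f"SYNTAX {syntax}")
    if entry.get("issinglevalued", ["FALSE"])[0].upper() == "TRUE":
        parts.append("SINGLE-VALUE")
    return " ".join(parts) + " )"


def object_class_line(entry):
    """Render one classSchema entry as a slapd.conf 'objectclass' definition."""
    name, oid = entry["ldapdisplayname"][0], entry["governsid"][0]
    sup = entry.get("subclassof", ["top"])[0]
    kind = KIND.get(entry.get("objectclasscategory", ["1"])[0], "STRUCTURAL")
    must = entry.get("mustcontain", []) + entry.get("systemmustcontain", [])
    may = entry.get("maycontain", []) + entry.get("systemmaycontain", [])
    parts = [f"objectclass ( {oid} NAME '{name}' SUP {sup} {kind}"]
    if must:
        parts.append("MUST ( " + " $ ".join(must) + " )")
    if may:
        parts.append("MAY ( " + " $ ".join(may) + " )")
    return " ".join(parts) + " )"


def convert(ldif_text, already_defined=frozenset()):
    """Return slapd.conf lines for all attributeSchema/classSchema entries, attribute
    types first (classes reference them), skipping names slapd already knows."""
    known = {n.lower() for n in already_defined}
    attrs, classes = [], []
    for entry in parse_ldif(ldif_text):
        if entry.get("ldapdisplayname", [""])[0].lower() in known:
            continue
        kinds = {v.lower() for v in entry.get("objectclass", [])}
        if "attributeschema" in kinds:
            attrs.append(attribute_type_line(entry))
        elif "classschema" in kinds:
            classes.append(object_class_line(entry))
    return attrs + classes


if __name__ == "__main__":
    # 'cn' is already defined by core.schema, so it must not be emitted twice.
    for line in convert(SAMPLE_AD_SCHEMA_LDIF, already_defined={"cn"}):
        print(line)
```

Two practical points the output makes visible: every attribute named in a class's MUST/MAY has to be defined (by core.schema or by this file) before slapd reads the objectclass line, which is why attribute types are emitted first; and an attribute with no EQUALITY rule cannot be used in an equality filter, so a "(sAMAccountName=...)" search would still return nothing even with the type loaded. Unknown AD syntaxes are a hard error on purpose: mapping them wrongly would make the proxy silently accept and index values under the wrong rules.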