
Re: slapd-ldap as proxy to active directory



On 16/12/2011 15:14, Pierangelo Masarati wrote:
> On 12/16/2011 03:35 PM, Liam Gretton wrote:
>> On my OpenLDAP AD proxy, as soon as slapd has started I do a
>> trivial search for a 'cn' attribute for a known record. After that,
>> it's possible to search on sAMAccountName or other attributes
>> without any problems.

> You don't need 99% of what you said.  All you need is:

[...]

> You don't need to create all the schema, only the portions that are
> needed.  If an attribute uses a syntax that OpenLDAP's slapd does
> not support (yet), you can use the closest one.  Usually, anything
> that need not be case insensitive can be octet string, which has an
> equality rule.

I started that, but it quickly looked like a significant amount of work
for a number of attributes, so the quick and dirty solution was the
workaround I mentioned. I've put aside creating a custom AD schema for a
rainy day.

> If you think there are (standard track) syntaxes that AD supports
> and OpenLDAP misses, feel free to file a request for enhancement
> using the ITS (<http://www.openldap.org/its/>).

It certainly would be useful. What does 'standard track' mean? I have a
suspicion anything created by MS would automatically be excluded ;-)


--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                 http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom