
openldap proxy to AD



Hi all,
I'm building an openldap proxy to an AD server and adding a little
"intelligence" based on the client request.

Unfortunately the client/program asking for information about an account
needs to be set up with a user and password.
Is there a way to let the proxy "ignore" this user and password and
instead just use the ones specified in the slapd.conf file?
Or set up fake credentials somewhere?


In detail, the queries are something like:

ldapsearch -x -h openldap-proxy -w "secret" -D "CN=MGRADREAD05,CN=MGR,DC=example,DC=com" -b "dc=pmm,dc=int" userPrincipalName=TST-USER10

but I need the proxy to exclude the -w "secret" -D "CN=MGRADREAD05,CN=MGR,DC=example,DC=com" part
and use the one in the conf file.
In fact if I do a query like:

ldapsearch -x -h openldap-proxy -w "secret" -D "CN=MGRADREAD05,CN=MGR,DC=example,DC=com" -b "dc=pmm,dc=int" userPrincipalName=TST-USER10
it works.


Here is the slapd.conf:

database        meta
suffix          "dc=pmm,dc=int"

# single target: the AD server; the virtual suffix dc=pmm,dc=int is mapped
# onto AD's real naming context dc=media,dc=int
uri             "ldap://10.10.10.1/dc=pmm,dc=int"
suffixmassage   "dc=pmm,dc=int" "dc=media,dc=int"

rewriteContext  searchFilter
rewriteRule     "userPrincipalName=(.*)@rtsi.ch" "userPrincipalName=%1@rsi.ch" ":"
# "([:alnum:])" was a malformed character class (it matched a single one of
# the characters : a l n u m); "[^)]+" captures the whole value up to the
# end of the filter item, including names such as TST-USER10
rewriteRule     "sAMAccountName=([^)]+)" "userPrincipalName=%1@rtr.ch" ":"

idassert-bind   bindmethod=simple
                binddn="CN=svc-adread05,CN=AdminAccounts,OU=RSI,OU=Units,DC=media,DC=int"
                credentials="Comano2012"
                mode=self
idassert-authzFrom "dn.regex:.*"




Any idea?

Many thanks and best regards.

Marco



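Added example (an editor's addition, not part of Marco's message or of any reply on the list): one way to have the proxy accept the client's fixed credentials locally and forward every operation to AD as the service account. It assumes OpenLDAP 2.4 with back-meta, a directory /var/lib/ldap/fake that exists and is writable by slapd (the path is an assumption), and the DNs and address from the post above. It changes two things relative to the posted configuration. First, the client's bind DN lives under dc=example,dc=com, outside the proxy suffix, so slapd cannot route the bind to the meta database at all; the example gives that DN a small database of its own, whose rootdn/rootpw satisfy the simple bind locally without any entry having to exist. Second, mode=self is replaced by mode=none: mode=self makes slapd attach a proxied-authorization control (RFC 4370) to every forwarded operation, and Active Directory does not support that control, whereas mode=none forwards operations under the idassert identity itself.

```conf
# Added example: two databases in one slapd.conf (not the original post's config).

# 1) Local database whose only purpose is to satisfy the client's simple bind.
#    A simple bind as rootdn with a matching rootpw is verified by slapd itself,
#    so the database can stay empty.  rootpw must be a hash produced by
#    slappasswd (here: slappasswd -s secret), never the cleartext password.
#    Use bdb/hdb instead of mdb on releases that predate back-mdb.
database        mdb
suffix          "dc=example,dc=com"
rootdn          "CN=MGRADREAD05,CN=MGR,DC=example,DC=com"
rootpw          "{SSHA}<output of slappasswd -s secret>"
directory       /var/lib/ldap/fake

# 2) The proxy to AD.  Whatever identity the client authenticated as,
#    operations reach AD as the service account.
database        meta
suffix          "dc=pmm,dc=int"
uri             "ldap://10.10.10.1/dc=pmm,dc=int"
suffixmassage   "dc=pmm,dc=int" "dc=media,dc=int"

# mode=none: bind to AD as binddn and send no proxyAuthz control (AD does not
#            implement RFC 4370, so mode=self fails or is refused there).
# flags=override: assert the service identity even for identities that were
#            authenticated by this slapd rather than by AD.
idassert-bind   bindmethod=simple
                binddn="CN=svc-adread05,CN=AdminAccounts,OU=RSI,OU=Units,DC=media,DC=int"
                credentials="<svc-adread05 password>"
                mode=none
                flags=override

# Only the one fake client identity may be mapped onto the service account.
# With the default prescriptive flag every other bound identity gets
# inappropriateAuthentication instead of silently inheriting AD read access.
idassert-authzFrom "dn.exact:CN=MGRADREAD05,CN=MGR,DC=example,DC=com"
```

The check is the ldapsearch from the post: run with the client's DN and "secret" against openldap-proxy, it should return the AD entry, and with `loglevel stats` slapd's log shows the connection to 10.10.10.1 bound as svc-adread05 rather than as the client. Note that slapd.conf now carries the AD service password in clear, so the file must be readable only by the user slapd runs as; the client-side password, by contrast, exists only as a hash.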