
Re: LDAP backend filtering



On Thu, 07 Jun 2012 22:14:37 +0200,
Smarti9@gmx.de wrote:

> Hi everybody,
> 
> I'm quite new to openldap and I'm currently trying to find a solution
> for the following problem:
> 
> To populate an address book I need to read users and some attributes
> from an Active Directory. I need to map several attributes to a new
> attribute name. More important is to filter on active users and skip
> the disabled ones. My address book application is not able to do
> this, it can simply query the whole AD.
> 
> My idea was to use openldap as some kind of proxy between the
> application and the AD. I've set up openldap with the following
> configuration:
> 
> database ldap
> suffix  "dc=xxxx,dc=local"
> uri  "ldap://192.168.50.1"
> rebind-as-user
> protocol-version 3
> overlay rwm
> rwm-map attribute uid samaccountname
> rwm-map attribute address street
> 
> This works perfectly for getting the data out of the AD and remapping the
> attribute names. Unfortunately I wasn't able to restrict the results
> to active users. The query string which does this looks like this:
> 
> "(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
> 
> Can anyone please point me in the right direction on how I can set this
> as a filter towards the AD to only get back the results matching this
> filter?

man slapo-rwm(5), define a rewrite context based on searchFilter

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
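
One way to follow the pointer to slapo-rwm(5), as an added example that is not from either poster: the database stanza from the question with a searchFilter rewrite context that ANDs every client filter with the active-user filter quoted above. It assumes the proxy's schema defines userAccountControl, so that the rewritten filter still parses on the proxy.

```conf
# slapd.conf: database stanza from the quoted message (uri shown without
# the archive's trailing ";"), plus an added searchFilter rewrite context.
database ldap
suffix  "dc=xxxx,dc=local"
uri  "ldap://192.168.50.1"
rebind-as-user
protocol-version 3

overlay rwm
rwm-map attribute uid samaccountname
rwm-map attribute address street

# Added: rewrite every incoming search filter before it is sent to the AD.
rwm-rewriteEngine on
rwm-rewriteContext searchFilter
# "(.*)" captures the client's whole filter as %1; the substitution ANDs it
# with the active-user filter from the question. The ":" flag applies the
# rule once; without it the rule would match its own output again.
rwm-rewriteRule "(.*)" "(&%1(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" ":"
```

A search through the proxy for an account known to be disabled in the AD should then return no entry, whatever filter the address book application sends.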