[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Proxy to AD of User Objects with full/correct schema

To: openldap-technical@openldap.org
Subject: Re: OpenLDAP Proxy to AD of User Objects with full/correct schema
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Fri, 23 Nov 2012 09:19:34 +0100
In-reply-to: <A3FB5D9FD28C50429DF7692DC31054E604B70399@DC1INTADCW8201.yieldbroker.com>
References: <CAD-3wgoqu9C6Ajwr_HPDmcDxhVrsR07wLxexDD5Fuq3HDRODvg@mail.gmail.com> <A3FB5D9FD28C50429DF7692DC31054E604B6D793@DC1INTADCW8201.yieldbroker.com> <d9b6e4fd853b7d030d983fa39559ffad.squirrel@www.aero.polimi.it> <A3FB5D9FD28C50429DF7692DC31054E604B70399@DC1INTADCW8201.yieldbroker.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121028 Thunderbird/16.0.2

On 11/22/2012 11:33 PM, Alex Samad - Yieldbroker wrote:

please do not top post.

Pretty sure I tried that
Go back and give it another test.

How does it different between anon and non anon binds to openldap

So if its an
anon to openldap ->  I want to bind with the supplied credentials
non anon to openldap -> I want to bind with the supplied credential that are supplied to openldap from the client

Does that make sense ?

Thanks
Alex

-----Original Message-----
From: Pierangelo Masarati [mailto:masarati@aero.polimi.it]
Sent: Friday, 23 November 2012 8:30 AM
To: Alex Samad - Yieldbroker
Cc: Mailing Lists; openldap-technical@openldap.org
Subject: RE: OpenLDAP Proxy to AD of User Objects with full/correct schema

I would be interested in this.

Where you able to get it to convert anonymous searches on openldap to
non anon searches into ad

So I wanted to be able to search email addresses from ad from openldap
. I created a read only userid for ad. But I could never work  out how
to configure openldap to use the given user/password when there was a
anon request.


within the "ldap" database specification:

idassert-bind   bindmethod=simple
                 binddn="cn=substitute-identity"
                 credentials="password"
                 mode=none
idassert-authzFrom dn.exact:""


idassert-bind   bindmethod=simple
                binddn="cn=substitute-identity"
                credentials="password"
                mode=none
		flags=non-prescriptive
idassert-authzFrom dn.exact:""

Please note this has always been documented in slapd-ldap(5) since theintroduction of the idassert-bind feature. Please read the manual forfurther help.

p.

--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano



--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano

References:
- OpenLDAP Proxy to AD of User Objects with full/correct schema
  - From: Mailing Lists <lists@masterofpenguins.com>
- RE: OpenLDAP Proxy to AD of User Objects with full/correct schema
  - From: Alex Samad - Yieldbroker <Alex.Samad@yieldbroker.com>
- RE: OpenLDAP Proxy to AD of User Objects with full/correct schema
  - From: "Pierangelo Masarati" <masarati@aero.polimi.it>
- RE: OpenLDAP Proxy to AD of User Objects with full/correct schema
  - From: Alex Samad - Yieldbroker <Alex.Samad@yieldbroker.com>

Prev by Date: Fail to pass the basic functionality testing (test058-syncrepl-asymmetric)
Next by Date: Re: ldif, a person with city and country
Index(es):
- Chronological
- Thread