Re: Using OpenLDAP to point to AD as address book

adp wrote:

Hi, we are using AD for our user accounts. I'd like to let our Unix users
point at our existing OpenLDAP server and view the AD address book. I can
easily set up an address book in OpenLDAP, but that would basically just
replicate what is already in AD. For political reasons we cannot point our
Unix users directly at AD.

I have no problems using tools such as ldapsearch to view our AD after a
bind. But I wonder if I can set up a referral in OpenLDAP so that our Unix
mail users can open their LDAP address book and see what the Exchange users
already see. The big issue I see is that you have to bind to view anything
in AD (other than the schema).

Any thoughts are welcome!

Use an ldap backend to proxy the AD.

I'm using openldap-2.0.27-11.

Then upgrade to whatever maintained distribution (stable 2.1, latest 2.2) and read slapd-ldap(5) man page. Installation should be straightforward.
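As an added illustration (not part of the original message), a slapd.conf fragment for the kind of back-ldap proxy suggested above, written defensively because the proxy binds to AD with its own credentials. Directive names follow slapd-ldap(5) as shipped with OpenLDAP 2.4 and are spelled differently in older releases, so check the man page for the installed version; every hostname, DN and password is a constructed placeholder.

```conf
# Constructed example: proxy an AD subtree through OpenLDAP with back-ldap.
# All names below are placeholders, not values from the thread.
database        ldap
suffix          "dc=ad,dc=example,dc=com"

# Talk to the domain controller over TLS so the service password and the
# directory data are not sent in clear text.
uri             "ldaps://dc1.ad.example.com/"

# Do not follow referrals returned by AD on the client's behalf.
chase-referrals no

# AD requires a bind before it returns entries, so the proxy binds as a
# dedicated, low-privilege service account. mode=none means no proxyAuthz
# control is sent; AD only ever sees the service account.
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=ad,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=none

# Only identities under the local Unix tree may use the service bind.
idassert-authzFrom "dn.subtree:ou=People,dc=unix,dc=example,dc=com"

# An address book never needs to write to AD.
readonly        on

# Expose address-book attributes only, and only to authenticated users.
access to dn.subtree="dc=ad,dc=example,dc=com"
        attrs=entry,cn,sn,givenName,displayName,mail,telephoneNumber
        by users read
        by * none
access to *
        by * none
```

Because slapd.conf now holds the AD service password, keep the file readable only by the account slapd runs as, and give the service account read access in AD to nothing beyond what the address book needs.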


