Re: Using OpenLDAP to point to AD as address book

"adp" <dap99@i-55.com> writes:

> This is exactly what I was looking for, thanks. I have one problem however
> that I hope this group can help with.
> Okay, I have openldap-2.2.11 installed and running fine. I have a very
> minimal slapd configuration since all I'm doing is proxying for an AD
> directory.
> With or without binddn I can do an anon. search of AD fine. (That just
> returns the schema.) If I stop slapd then the anon connection fails totally.
> (This is just to ensure I'm testing against the right server.)

Search on rootDSE should allow anonymous bind.

> If I try to search a specific container, such as cn=Users, that fails. Well,
> it doesn't fail so much as it doesn't return anything:

> Perhaps I am misunderstanding the binddn and bindpw?

Yes. binddn and bindpw are for slapd internal operations only.

> I want to be able to connect to openldap from ldapsearch or any LDAP client
> anonymously and search for mail addresses in the Users container in our AD.
> (I will worry about ACLs and whatnot later.) From reading the slapd-meta
> manpage I thought this would do it, but it appears that I'm wrong.

> Any ideas?

Ask the developer of AD to allow anonymous bind on searches.

> Question two:
> Using a specific hostname (abc-dc, a DC for the network) is bad if abc-dc
> goes down. Other than setting up RRDNS for our DCs just for this, is there a
> way to configure this so that slapd will try another server (for example,
> abc-dc2) if abc-dc is unavailable?

You may define multiple URIs for back-meta.
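As an added illustration, not part of this thread, here is a minimal slapd.conf back-meta fragment for the setup discussed above: one target with a fallback URI, and binddn/bindpw kept separate from the identity presented to AD for anonymous clients. The hostnames, suffix and password are placeholders, and the space-separated multi-URI form is the one documented in slapd-meta(5) for OpenLDAP 2.3 and later, so check the manual page for your own release.

```conf
# Added example: slapd.conf fragment for a back-meta proxy in front of AD.
# Hostnames, the suffix and the password are placeholders, not real values.
include         /etc/openldap/schema/core.schema

database        meta
suffix          "dc=example,dc=com"

# One target with two URIs: slapd tries abc-dc2 when abc-dc is unreachable.
# (space-separated multi-URI form as documented in slapd-meta(5), 2.3+)
uri             "ldap://abc-dc.example.com/dc=example,dc=com ldap://abc-dc2.example.com"

# binddn/bindpw are the identity slapd uses for its own internal operations
# against the target (renamed acl-authcDN/acl-passwd in later releases).
# They are NOT used on behalf of clients: an anonymous ldapsearch against
# this proxy is forwarded to AD anonymously, so AD must permit that search.
binddn          "cn=proxy,cn=Users,dc=example,dc=com"
bindpw          "PLACEHOLDER_PASSWORD"
```

With this in place, an anonymous search of cn=Users through the proxy still returns nothing until the AD side allows anonymous searches, which is the point made in the reply above.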


