[Date Prev][Date Next]
Re: Using OpenLDAP to point to AD as address book
"adp" <email@example.com> writes:
> This is exactly what I was looking for, thanks. I have one problem however
> that I hope this group can help with.
> Okay, I have openldap-2.2.11 installed and running fine. I have a very
> minimal slapd configuration since all I'm doing is proxying for an AD
> With or without binddn I can do an anon. search of AD fine. (That just
> returns the schema.) If I stop slapd then the anon connection fails totally.
> (This is just to ensure I'm testing against the right server.)
search on rootDSE should allow anonymous bind.
> If I try to search a specific container, such as cn=Users, that fails. Well,
> it doesn't fail so much as it doesn't return anything:
> Perhaps I am misunderstanding the binddn and bindpw?
Yes. binddn and bindpw are for slapd internal operations only.
> I want to be able to connect to openldap from ldapsearch or any LDAP client
> anonymously and search for mail addresses in the Users container in our AD.
> (I will worry about ACLs and whatnot later.) From reading the slapd-meta
> manpage I thought this would do it, but it appears that I'm wrong.
> Any ideas?
Ask the developer of AD to allow anonymous bind on searches.
> Questin two:
> Using a specific hostname (abc-dc, a DC for the network) is bad if abc-dc
> goes down. Other than setting up RRDNS for our DCs just for this, is there a
> way to configure this so that slapd will try another server (for example,
> abc-dc2) if abc-dc is unavailable?
You may define multiple uris's for back-meta.
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521