ldapsearch query via OpenLDAP proxy to AD
- To: <openldap-software@OpenLDAP.org>
- Subject: ldapsearch query via OpenLDAP proxy to AD
- From: "Lank, Tim" <tim.lank@bearingpoint.com>
- Date: Tue, 27 Apr 2004 11:02:34 +0100
I am trying to query the Active Directory (192.168.1.89) on my network using ldapsearch by way of an OpenLDAP proxy (192.168.1.73) using the following slapd.conf:
*************slapd.conf on 192.168.1.73******************
database meta
suffix "dc=corp,dc=mycompany,dc=com"
dncache-ttl forever
lastmod off
rootdn "cn=Administrator,cn=users,dc=corp,dc=mycompany,dc=com"
rootpw 12345678
uri "ldap://192.168.1.89/cn=users,dc=corp,dc=mycompany,dc=com"
pseudorootdn "cn=admin2,cn=users,dc=corp,dc=mycompany,dc=com"
pseudorootpw 12345678
When I try this it works (returns results from the AD):
ldapsearch -h 192.168.1.73 -x -D cn=administrator,cn=users,dc=corp,dc=mycompany,dc=com -W -b 'dc=corp,dc=mycompany,dc=com' 'cn=tim*'
When I try this it doesn't return any results at all:
ldapsearch -h 192.168.1.73 -x -b 'dc=corp,dc=mycompany,dc=com' 'cn=tim*'
What should I change in my slapd.conf to make the second query return results?
In other words, how do I successfully get the back-meta to authenticate properly to the AD?
I have been told (if I understood correctly) that the back-meta with the pseudorootdn parameter will allow this type of proxied authenticated query to work.