Re: OpenLDAP's Backend Rewrite Engine
Just in case this is useful to anyone. Here's the command I'm sending:

ldapsearch -x -Hldap://172.16.1.201

I want the proxy to forward the bind request to
"ldap://mixedmaster.mixeddomain.com/", which is where I want the bind to
take place. I know the DN must be rewritten before the bind is
attempted, but I'm just not sure how to use the rewrite engine...

Michael Gale wrote:
So, I decided to try the proxy approach, and I would like to rewrite a
DN from this:
I would like to perform a simple substitution where the user name from
one DN gets copied to another. I am using a rewrite context for a
client -> server operation, but I'm pretty sure the following is not
I'm a little lost as to what rules/contexts/uris are required in the
"slapd.conf" file. Any help would be greatly appreciated.

Michael Gale wrote:
We have two LDAP servers on our network. One is an OpenLDAP server,
and the other is an Active Directory server. I have been
investigating how to authenticate against Active Directory through
the OpenLDAP server, and after several days of reading fragmented
pieces of information, I am admittedly confused.
I have read about a couple of different options such as OpenLDAP's
back-end or meta server, setting up a proxy, but I am still unsure
which option to use. Regrettably, there is little cohesive
information for establishing such a relationship, so I would love
some advice. First let me describe this relationship between the two
The OpenLDAP server will hold various bits of information about the
users of our network, service configurations, etc. Basically, it
contains the user name and small groupings of unrelated information.
I want this server to be the only "point of contact" for our users
and software. In other words, nobody needs to know about the Active
Directory, except for the OpenLDAP server of course.
The Active Directory has user names and passwords. I am looking for
a way to authenticate our users against the Active Directory. There
are a few ground rules for this relationship:
1) I don't want services or users to contact the ADS server directly.
2) I don't want to synchronize passwords between the two servers.
3) I cannot replace the ADS with OpenLDAP.
Is there a preferred way to handle this situation? Can this be
achieved through OpenLDAP?
Many thanks for your time,