[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problem when using OpenLDAP query to AD server

Okie, thanks for your help. My server is running properly. I will enhance
some security features for my server later.

Thanks and Best regards,

Pham Tung Duong

-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it] 
Sent: 10 tháng hai 2009 11:41 CH
To: Duong Pham Tung
Cc: openldap-technical@openldap.org
Subject: Re: Problem when using OpenLDAP query to AD server

Duong Pham Tung wrote:
> Sorry, but if anyone can, give me a example of slapd.conf for openldap
> proxy.
> I tried using idassert-bind instead of using binddn/bindpw, but nothing
> be finished

You didn't specify what you intend to do.  First of all you may want to 
read this <http://www.openldap.org/faq/data/cache/532.html>.

If your intention is to proxy anonymous clients on an authenticated 
connection, you can use

database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://ldap.example.com";
idassert-bind   bindmethod=simple
idassert-authzFrom "*"

Replace the binddn and credentials fields accordingly.  Beware that by 
doing this you're breaking security, since AD will see anonymous users 
as the identity you put in the binddn.  So anonymous (or any user) will 
have the privileges of the binddn.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it