
Openldap RWM/AD Bind


I'm hoping someone can help me out on this. At the moment I have this

database        ldap
suffix          "ou=foo.com,o=mail"
uri             "ldap://"
rootdn          "cn=Overlord,dc=foo,dc=com"

idassert-bind   bindmethod=simple
                binddn="cn=BAR LDAP Proxy Account,cn=Users,dc=bar,dc=local"

rebind-as-user  yes

overlay         rwm
rwm-suffixmassage "dc=bar,dc=local"

rwm-map attribute       proxyAddresses *
rwm-map attribute       sAMAccountName *
rwm-map attribute       cn *
rwm-map attribute       givenName *
rwm-map attribute       mail *
rwm-map attribute       sn *
rwm-map attribute       *

The server behind the uri directive is an Active Directory server.

This seems to work fine for simple searches and the like against ou=foo.com,o=mail; however, I need to set up an application against it. The way the application works for authentication is that it uses an OpenLDAP service account, finds the user's email address in the directory via the proxy, then tries to rebind as that user to the directory via the proxy.

I'm imagining this setup doesn't work because the service account handles the bind for the actual directory search transparently; you can't just bind as a user through it. (Specifically, I get inappropriateAuthentication / error code 48.)

Is there a way to implement what I need? 

Thanks for any help in advance.
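As an added illustration, not part of the original post and not a fix from this thread, here is the same back-ldap/rwm layout annotated with what each directive does according to slapd-ldap(5) and slapo-rwm(5), and with where each of the two bind paths the question describes ends up. The AD host name, the credentials value and the sample user DN in the comments are placeholders; the poster's config does not show a credentials line, so that one is assumed.

```conf
# Proxy database: local clients see ou=foo.com,o=mail; the real data is in AD.
database        ldap
suffix          "ou=foo.com,o=mail"
uri             "ldap://AD-HOST-PLACEHOLDER"        # placeholder for the AD server
rootdn          "cn=Overlord,dc=foo,dc=com"

# Identity assertion: when a client that has already bound locally (for example
# the application's service account) sends a search, back-ldap opens the AD
# connection as this proxy account; how the client's own identity is then
# asserted to AD depends on the mode= option (see slapd-ldap(5)).
# The password sits in slapd.conf, so the file must not be readable by others.
idassert-bind   bindmethod=simple
                binddn="cn=BAR LDAP Proxy Account,cn=Users,dc=bar,dc=local"
                credentials="PROXY-PASSWORD-PLACEHOLDER"   # assumed line, placeholder value

# A client's simple bind is not handled by idassert: back-ldap forwards the
# bind itself to AD with the DN rewritten by rwm (below) and the client's own
# password, so the user's credentials are verified by AD, not by the proxy
# account.  rebind-as-user keeps those credentials so back-ldap can rebind
# the same way after a dropped connection or when chasing a referral.
rebind-as-user  yes

overlay         rwm
# With a single argument the database suffix is the virtual naming context:
# a bind as "cn=Some User,cn=Users,ou=foo.com,o=mail" (constructed example DN)
# is sent to AD as "cn=Some User,cn=Users,dc=bar,dc=local".
rwm-suffixmassage "dc=bar,dc=local"

# Attribute whitelist.  "<name> *" maps the attribute to itself, i.e. passes it
# through unchanged; a bare "*" with no foreign name removes every attribute
# that is not listed above, so unlisted AD attributes are never returned to
# clients of the proxy.
rwm-map attribute       proxyAddresses *
rwm-map attribute       sAMAccountName *
rwm-map attribute       cn *
rwm-map attribute       givenName *
rwm-map attribute       mail *
rwm-map attribute       sn *
rwm-map attribute       *
```

Two checks separate the pieces of this setup: `slaptest -f slapd.conf` validates the file syntax, and `ldapwhoami -H ldap://PROXY-HOST -D "cn=Some User,cn=Users,ou=foo.com,o=mail" -W` (hosts and DN are placeholders) exercises only the forwarded-bind path, so a result code returned there can be attributed to the bind itself rather than to the search-then-rebind sequence the application performs.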