[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP as a proxy/rewrite/remap to AD for nss_ldap

To: Mikolaj Kucharski <mikolaj@kucharski.name>, openldap-technical@openldap.org
Subject: Re: OpenLDAP as a proxy/rewrite/remap to AD for nss_ldap
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 09 Dec 2009 21:17:18 +0100
In-reply-to: <20091209030158.GE12659@x40.openbsd.home.lan>
References: <20091209030158.GE12659@x40.openbsd.home.lan>
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.23) Gecko/20090823 SeaMonkey/1.1.18

Mikolaj Kucharski wrote:
> I have Active Directory server, OpenLDAP server and a client machine.
> AD is based on Windows Server 2003, OpenLDAP is 2.3.43-3.el5 running on
> CentOS 5 i386, client machine is as well CentOS 5.

You might want to upgrade your OpenLDAP installation since 2.3.x is
almost historic now and will not get much help. Yes, we all know that people
want to stick to what's shipped with their favourite Linux distribution but...

> AD doesn't have all attributes which are needed by nss_ldap, so I
> thought to keep internal LDAP database with missing information
> (uidNumber, loginShell, etc) and merge, rewrite, remap or meta this
> information, and then give that result to the nss_ldap.

You probably want to look into using slapo-translucent.

Ciao, Michael.

References:
- OpenLDAP as a proxy/rewrite/remap to AD for nss_ldap
  - From: Mikolaj Kucharski <mikolaj@kucharski.name>

Prev by Date: Re: syncrepl broke, connection loss
Next by Date: Re: TLS + SSL and openldap
Index(es):
- Chronological
- Thread