[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active Directory OpenLDAP Proxy

Hi Marc,

could you please post your source of information & how you did a proper configuration.
I'd like to set up a similar setup in my environment.

Thanks in advance and bye.

2011/7/23 Marc Schöchlin <marc@256bit.org>

i already discovered the source of the problem.
After loading  module "back_ldap" openldap accepted  my ldif-input.
I think it might be a really good idea to add extra information about which modules have to be loaded
to get a ldap-proxy working...

Does anybody have a working example for a "openldap-to-active-directory-proxy" including attribute mapping?


Am 16.07.2011 13:16, schrieb Marc Schöchlin:

Hello OpenLDAP Users,

i setup da openldap-instance as described at

It seems that the Objectclass "olcOverlayConfig" is missed - where can
i find that objectclass?

Is there a complete manual available which describes how to setup a
active directory proxy server?

Is it possible to modify the configuration using a ldap browser like
active directory studio?

To use that server to be a proxy to a active directory server i am
trying to add the following configuration:

dn: olcDatabase={2}ldap
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=proxy,dc=foobar,dc=de
olcRootDN: dc=foobar,dc=local
olcDbURI: "ldap://"

dn: olcOverlay={0}pcache
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {0}pcache
olcPcache: bdb 100000 1 1000 100
olcPcacheAttrset: 0 mail postalAddress telephoneNumber
olcPcacheTemplate: "(sn=)" 0 3600 0 0 0
olcPcacheTemplate: "(&(sn=)(givenName=))" 0 3600 0 0 0
olcPcacheTemplate: "(&(departmentNumber=)(secretary=))" 0 3600

dn: olcDatabase={0}hdb
objectClass: olcHdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}hdb
olcDbDirectory: ./proxy-db.2.a
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,uid,mail  pres,eq,sub

LDAP-ADD Complains:

# ldapadd -vvv -Y EXTERNAL -H ldapi:/// -f /etc/ldap/proxy.ldif
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
add objectClass:
add olcDatabase:
add olcSuffix:
add olcRootDN:
add olcDbURI:
adding new entry "olcDatabase={2}ldap"
ldap_add: Invalid syntax (21)
       additional info: objectClass: value #1 invalid per syntax


To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra