I am currently attempting to configure our OpenLDAP 2.4.26 (on SUSE Enterprise 10) server to act as a proxy to Active Directory as well as using a local database. The local database works fine but I cannot for the life of me get the ldap backend to authenticate/bind correctly to the AD ldap server. I can use ldapsearch to search AD just fine with the credentials passed as follows:
```
ldapsearch -x -h ldap.mydomain.com -D 'myldapuser' -w 'myldappw' -b 'dc=mydomain,dc=com' '(sAMAccountName=myusername)'
```
Returns all the associated data of “myusername” from AD.
Here is the section of my slapd.conf for my databases and backends. I have read several different sites on how to configure this and they all use different methods and claim it works for them. None has worked for me. I continue to get bind errors. Any guidance would be much appreciated.
```
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
suffix "dc=Company Users,dc=mydomain,dc=com"
binddn="cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
# authzFrom must name the service account DN exactly as it is bound (a doubled "cn=cn=" is a typo)
idassert-authzFrom "dn.exact:cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
rwm-map objectclass account user
rwm-map attribute uidNumber employeeID
rwm-map attribute uid sAMAccountName
rwm-map attribute cn name
rwm-map attribute sn sn
rwm-map attribute mail mail
rwm-map attribute company company
rwm-map attribute entry entry
# the AD password attribute is unicodePwd (write-only; AD never returns it on a search)
rwm-map attribute userPassword unicodePwd
# every attribute not listed above passes through unchanged
rwm-map attribute *
```
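For comparison, a complete back-ldap proxy section of the kind the question is after, written here as an added example rather than the poster's own configuration; the AD host and service-account name come from the ldapsearch above, while the `ou=` containers (rather than `dc=`), the service-account DN and the attribute choices are assumptions.

```conf
############################################################
# Proxy to Active Directory (OpenLDAP back-ldap + rwm).
# Declared before the local dc=mydomain,dc=com database so the
# AD-backed subtree is served by its own, more specific suffix.
############################################################
database          ldap
suffix            "ou=Company Users,dc=mydomain,dc=com"     # assumed container
uri               "ldap://ldap.mydomain.com"
protocol-version  3
# AD hands out referrals for other partitions (DomainDnsZones etc.); do not follow them.
chase-referrals   no
# The service-account password would cross the wire in clear over plain ldap://,
# so negotiate StartTLS before the proxy binds. slapd.conf holds that password
# and must not be world-readable.
tls               start

# Bind the proxy itself uses for searches made on behalf of clients.
# mode=none: operations run as this account and no proxyAuthz control is
# sent, which matters because AD does not implement that control.
# binddn must be a DN here (assumed); the bare "myldapuser" that works with
# ldapsearch -D is an AD convenience, not valid slapd configuration.
idassert-bind     bindmethod=simple
                  binddn="cn=myldapuser,ou=Company Service Accounts,dc=mydomain,dc=com"
                  credentials="myldappw"
                  mode=none
# Client identities the service account is allowed to act for. "*" also
# covers anonymous search clients; narrow it to the DNs that need it once
# the setup is known to work.
idassert-authzFrom "*"
# A client that binds through the proxy is re-bound to AD with its own
# credentials, so AD decides whether that bind succeeds.
rebind-as-user    yes

# Present AD's schema under the names POSIX/LDAP clients expect.
overlay           rwm
rwm-map           objectclass  account      user
rwm-map           attribute    uid          sAMAccountName
rwm-map           attribute    uidNumber    employeeID      # assumed: site-specific choice
rwm-map           attribute    cn           name
rwm-map           attribute    mail         mail
# Everything not listed above passes through unchanged.
rwm-map           attribute    *
```

With this in place, `ldapsearch -x -H ldap://localhost -b 'ou=Company Users,dc=mydomain,dc=com' '(uid=myusername)'` should return the AD entry with `uid` in place of `sAMAccountName`; a bind failure logged by slapd at this point points at the `idassert-bind` credentials or the StartTLS handshake rather than at the mapping.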