
OpenLDAP Proxy to Active Directory

I am currently attempting to configure our OpenLDAP 2.4.26 (on SUSE Enterprise 10) server to act as a proxy to Active Directory as well as using a local database. The local database works fine but I cannot for the life of me get the ldap backend to authenticate/bind correctly to the AD ldap server. I can use ldapsearch to search AD just fine with the credentials passed as follows:

ldapsearch -x -h ldap.mydomain.com -D 'myldapuser' -w 'myldappw' -b 'dc=mydomain,dc=com' '(sAMAccountName=myusername)'

This returns all the associated data of “myusername” from AD.

Here is the section of my slapd.conf for my databases and backends. I have read several different sites on how to configure this and they all use different methods and claim it works for them. None has worked for me. I continue to get bind errors. Any guidance would be much appreciated.

database    bdb
suffix      dc=zlinux,dc=mydomain,dc=com
rootdn      cn=admin,dc=zlinux,dc=mydomain,dc=com
rootpw      myrootdnpw
directory   /usr/local/openldap/var/openldap-data
index       objectClass,uidNumber,gidNumber               eq
index       cn,sn,uid,displayName                         pres,sub,eq
index       memberUid,mail,givenname                      eq,subinitial

database        ldap
suffix          "dc=Company Users,dc=mydomain,dc=com"
uri             ldap://ldap.mydomain.com
idassert-bind   bindmethod=simple
                binddn="cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
idassert-authzFrom "dn.exact:cn=cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
chase-referrals no
overlay         rwm
rwm-map         objectclass account user
rwm-map         attribute   uidNumber    employeeID
rwm-map         attribute   uid          sAMAccountname
rwm-map         attribute   cn           name
rwm-map         attribute   sn           sn
rwm-map         attribute   mail         mail
rwm-map         attribute   company      company
rwm-map         attribute   entry        entry
rwm-map         attribute   userPassword unicodePassword
rwm-map         attribute   *
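As an added illustration (not the poster's configuration, and not something the thread supplies), here is the shape of a back-ldap proxy database with an identity-assertion bind that carries the pieces slapd-ldap(5) requires: a `credentials=` value alongside `bindmethod=simple`, an explicit `mode`, and an `idassert-authzFrom` rule naming the local identities allowed to ride on the service account. The hostname, DNs, CA file path and the `REPLACE_WITH_...` password are placeholders; the `tls start` line and the `dn.subtree` rule are assumptions about the deployment, not settings taken from the post.

```conf
# Added example of a back-ldap proxy to Active Directory (placeholders throughout).
database        ldap
suffix          "dc=Company Users,dc=mydomain,dc=com"
uri             "ldap://ldap.mydomain.com"
chase-referrals no

# Assumption: AD accepts StartTLS. A simple bind sends the service-account
# password in the clear otherwise, so require a verified server certificate.
tls             start tls_reqcert=demand tls_cacert="/etc/ssl/certs/ad-ca.pem"

# The proxy binds to AD as a service account for non-bind operations.
# bindmethod=simple without credentials= yields bind failures.
# mode=none: do not send a proxied-authorization control to AD; run the
# operation as the service account itself.
idassert-bind   bindmethod=simple
                binddn="cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
                credentials="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
                mode=none
                flags=non-prescriptive

# Which *local* client identities may use the service-account bind.
# Assumption: clients first authenticate against the local bdb suffix.
# With flags=non-prescriptive, identities that do not match fall back to
# an anonymous connection to AD instead of failing the operation.
idassert-authzFrom "dn.subtree:dc=zlinux,dc=mydomain,dc=com"

# Attribute/objectclass mapping can follow unchanged; one entry shown.
overlay         rwm
rwm-map         attribute   uid   sAMAccountName
```

Two things worth checking while testing this: `credentials=` is stored in clear text, so slapd.conf should be readable only by the slapd user, and a client's own simple bind against the proxy suffix is forwarded to AD as that client's DN rather than as the service account, so a client-side bind failure and a failure of the `idassert-bind` itself are different problems. Running slapd with `loglevel stats` and issuing `ldapwhoami -x -H ldap://localhost -D <local dn> -w <pw>` followed by an `ldapsearch` under the proxy suffix shows which of the two binds is being rejected.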