[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-ldap as proxy to active directory



Juan Miscaro wrote:
On 14 December 2011 17:44, Quanah Gibson-Mount<quanah@zimbra.com>  wrote:
--On Wednesday, December 14, 2011 3:40 PM -0500 Juan Miscaro
<jmiscaro@gmail.com>  wrote:

I would like to use the slapd-ldap backend as a proxy to Active
Directory (Windows Server 2008 R2).

Firstly, AD can be queried directly:

Does your local OpenLDAP have a schema file that defines the AD attributes
you are using?

No.  I read that since OpenLDAP 2.3 this was not necessary (I'm
running 2.4.25 on Ubuntu 11.10).  I got my project from a tutorial [1]
where this all worked.

[1]: http://is.gd/dqM1Ts (see section "Using OpenLDAP 2.3 to Pass
Unknown Schema" on page 2)

The passthru of unknown schema is just a hack. It will allow you to see some data but without actual schema definitions it can't do proper normalization, case matching, filter parsing, etc... Everything works better with actual schema defined.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/