
Re: slapd-ldap as proxy to active directory



On 15/12/2011 14:57, Juan Miscaro wrote:
> So do I need to get the actual schema from AD and try to import it or
> is there something more easily available?  It doesn't seem like I'm
> doing something exotic here.  Others must have confronted such a
> situation.  Right?  :)

You'd think so. I've hit the same problem recently.

You can't import the MS AD schema directly; it uses syntaxes that OpenLDAP doesn't understand. The OpenLDAP documentation suggests that adding new syntaxes requires changes to the source code, so it's not trivial to solve.

I found a workaround which may be useful to you. OpenLDAP won't return attributes for an unknown schema initially, but if you do a single search for an attribute it does understand, subsequent searches can be made on the ones for which there's no schema.

On my OpenLDAP AD proxy, as soon as slapd has started I do a trivial search for a 'cn' attribute for a known record. After that, it's possible to search on sAMAccountName or other attributes without any problems.

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                 http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom
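The post-start priming described above, written out as a script. This is an added example, not Liam's own script or anything shipped with OpenLDAP: the proxy URI, search base, the known record's cn and the sAMAccountName it checks are all placeholders to be replaced for a real deployment. It waits until the proxy answers on the rootDSE, issues the one 'cn' search that makes the schema-less AD attributes searchable, then confirms that a sAMAccountName search actually returns entries, so a restart where the workaround did not take effect is noticed rather than silently breaking logins. Values placed into filters go through an RFC 4515 escape, so a name containing `*`, `(`, `)` or `\` cannot change the filter's structure.

```shell
#!/bin/sh
# Prime an OpenLDAP slapd-ldap proxy to Active Directory after slapd starts.
# Added example; not code from the mailing-list thread or from OpenLDAP.
# All four values below are placeholders (assumptions), override via environment.
PROXY_URI="${PROXY_URI:-ldap://localhost:389}"
SEARCH_BASE="${SEARCH_BASE:-dc=example,dc=com}"   # placeholder base DN
KNOWN_CN="${KNOWN_CN:-Administrator}"             # placeholder: a cn that exists in AD
TEST_SAM="${TEST_SAM:-administrator}"             # placeholder: a sAMAccountName that exists

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is replaced first so the escapes it produces are not re-escaped.
# (A NUL byte cannot be held in a shell variable, so it is not handled here.)
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Count the entries a search returns: $1 = filter, $2 = attribute to request.
# -LLL prints bare LDIF, so each entry contributes exactly one "dn:" line.
count_entries() {
  ldapsearch -x -LLL -H "$PROXY_URI" -b "$SEARCH_BASE" "$1" "$2" 2>/dev/null \
    | grep -c '^dn:' || true
}

# Poll the rootDSE until the proxy answers, at most $1 times (one second apart).
wait_for_slapd() {
  tries="${1:-30}"
  while [ "$tries" -gt 0 ]; do
    if ldapsearch -x -LLL -H "$PROXY_URI" -b '' -s base '(objectClass=*)' \
         namingContexts >/dev/null 2>&1; then
      return 0
    fi
    tries=$((tries - 1))
    sleep 1
  done
  return 1
}

# The workaround from the thread: one search on an attribute OpenLDAP has schema
# for ('cn'). Afterwards searches on attributes without schema, such as
# sAMAccountName, are answered. Prints the number of entries the search returned.
prime_proxy() {
  count_entries "(cn=$(ldap_filter_escape "$KNOWN_CN"))" cn
}

# Succeeds only if a sAMAccountName search now returns at least one entry.
verify_sam_search() {
  n=$(count_entries "(sAMAccountName=$(ldap_filter_escape "$TEST_SAM"))" sAMAccountName)
  [ "$n" -gt 0 ]
}

main() {
  wait_for_slapd 30 || { echo "slapd proxy at $PROXY_URI did not come up" >&2; return 1; }
  primed=$(prime_proxy)
  [ "$primed" -gt 0 ] || echo "warning: priming search for cn=$KNOWN_CN returned no entries" >&2
  if verify_sam_search; then
    echo "sAMAccountName search works through the proxy"
  else
    echo "sAMAccountName search still returns nothing; priming did not take effect" >&2
    return 1
  fi
}

# Run the priming only when explicitly asked, so the file can also be sourced.
if [ "${PRIME_AD_PROXY_RUN:-0}" = 1 ]; then
  main "$@"
fi
```

Run it as `PRIME_AD_PROXY_RUN=1 sh prime-ad-proxy.sh` from whatever starts slapd (an `ExecStartPost=` line in a systemd unit, or the tail of an init script); a non-zero exit tells the supervisor the proxy came up without the workaround having taken effect.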