[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: openldap to AD proxy

Still haven't been able to get this working. And can't find any way to turn on any debugging for ldap backend.

If anyone has done this if they could  provide some feed back.  


-----Original Message-----
From: Alex Samad - Yieldbroker 
Sent: Friday, 4 May 2012 2:32 PM
To: 'openldap-technical@openldap.org'
Subject: openldap to AD proxy


I am still struggling with the my openldap to AD proxy connection.

I have successfully connected such that I can do search when I bind to openldap with an AD dn, but I want to be able to do anon search and I want anon to map through to a dn I have created in AD which has read only rights.

dn: olcDatabase={3}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {3}ldap
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * read
olcReadOnly: TRUE
olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
olcSizeLimit: 500
olcSuffix: dc=xyz,dc=com
olcDburi: "ldap://ldap. xyz.com "
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU=YB Services,OU= xyz,DC= xyz,DC=com" credentials=":)" starttls=no
olcDbIDAssertBind: bindmethod=none binddn="CN=ad readonly,OU=YB Services,OU= xyz,DC= xyz,DC=com" credentials=":)" starttls=no

I have a subordinate db at ou=external, DC= xyz,DC=com

I can do a 

ldapsearch -x -D " CN=ad readonly,OU=YB Services,OU= xyz,DC= xyz,DC=com" -b " DC= xyz,DC=com"  -w :) 

what I can't do is
ldapsearch -x -b " DC= xyz,DC=com"

I am thinking I want to map anon request through to the readonly DN. But still leave it such that when people bind to openldap as themselves they bind to AD as themselves How would I do that ?