Re: Search in Active Directory Proxy with multiple level of OU
On Thu, 2 Jan 2014 16:37:49 -0800,
Michael Lois <michaellois23@gmail.com> wrote:
> Hi,
>
> We need to set up an openldap proxy to Active Directory. Here is our
> slapd.conf:
>
> database ldap
> suffix "ou=user,dc=company,dc=com"
> uri ldap://10.10.10.10/
> rebind-as-user
> idassert-bind bindmethod=simple
>   binddn="cn=openldapuser,ou=Service Accounts,dc=internal,dc=company,dc=com"
>   credentials=********
>   mode=none
>
> idassert-authzFrom "dn.regex:.*"
>
> overlay rwm
> rwm-suffixmassage "OU=All Users,dc=internal,dc=company,dc=com"
> rwm-map attribute uid sAMAccountName
>
> We were trying to query multiple OUs in Active Directory with the
> same search string. For example, on AD, user Michael Lois is in
> "cn=Michael Lois,ou=Accounting,OU=All
> Users,dc=internal,dc=company,dc=com". With the openldap proxy, we
> were trying to search Michael with "cn=Michael
> Lois,ou=user,dc=company,dc=com". From the above slapd config, the
> following 2 ldapsearch commands on the openldap proxy server would work:
>
> ldapsearch -W -x -b "ou=user,dc=company,dc=com" cn="Michael Lois"
>
> ldapsearch -xW -b "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com"
>
> But our goal is to make this ldapsearch to give us the same result:
>
> ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com"
>
> Does anyone know how to search through a proxy with multiple levels of
> OU in AD?
man slapo-rwm(5),
rwm-suffixmassage [<virtual naming context>] <real naming context>
rwm-map {attribute | objectclass} [<local name> | *] {<foreign name> | *}
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
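
The `rwm-suffixmassage` directive cited from slapo-rwm(5) above, modelled as an added example that is not part of the original thread: the directive swaps only the naming-context suffix of a DN, so the desired base DN is rewritten to one that skips `ou=Accounting` and matches nothing in AD. The toy directory and the helper names (`massage`, `search`) are assumptions for illustration, and DN parsing is simplified to comma splitting.

```python
# Added illustration: models rwm-suffixmassage as a pure DN suffix swap.
# Simplified: DNs are split on "," (no escaped commas), compared case-insensitively.

VIRTUAL = "ou=user,dc=company,dc=com"                  # database suffix seen by clients
REAL = "OU=All Users,dc=internal,dc=company,dc=com"    # rwm-suffixmassage target in AD

# Constructed stand-in for the AD subtree described in the thread.
AD_ENTRIES = [
    "OU=All Users,dc=internal,dc=company,dc=com",
    "ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com",
    "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com",
]

def rdns(dn):
    """Normalised list of RDNs, leftmost first."""
    return [r.strip().lower() for r in dn.split(",")]

def massage(dn, virtual=VIRTUAL, real=REAL):
    """Rewrite a client DN to the backend DN; everything left of the suffix is kept."""
    d, v = rdns(dn), rdns(virtual)
    if d[-len(v):] != v:
        raise ValueError("DN is outside the virtual naming context")
    prefix = [p.strip() for p in dn.split(",")[: len(d) - len(v)]]
    return ",".join(prefix + [real])

def search(base, scope="sub", cn=None):
    """Toy backend search: scope is 'base' or 'sub', with an optional cn filter."""
    real_base = rdns(massage(base))
    hits = []
    for entry in AD_ENTRIES:
        e = rdns(entry)
        in_scope = e == real_base if scope == "base" else e[-len(real_base):] == real_base
        if in_scope and (cn is None or e[0] == "cn=" + cn.lower()):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for base, cn in [
        ("ou=user,dc=company,dc=com", "Michael Lois"),                    # works
        ("cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com", None),  # works
        ("cn=Michael Lois,ou=user,dc=company,dc=com", None),              # no match
    ]:
        print(base, "->", massage(base), "->", search(base, cn=cn))
```

A subtree search from the virtual suffix with a `cn` filter finds the entry regardless of which OU holds it, because only the search base is subject to the suffix rewrite.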