Re: Search in Active Directory Proxy with multiple level of OU

To: openldap-technical@openldap.org

Subject: Re: Search in Active Directory Proxy with multiple level of OU

From: Michael Lois <michaellois23@gmail.com>

Date: Mon, 6 Jan 2014 14:29:23 -0800

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=z2O3Jh/PsZs5uiXB+WrluyCyjqs/vIYsVmtIw64Knjs=; b=KmPJDty77UGhah/SvYpHco79S8/3fdAoh4hFo1cCsZhAN/oGyYxjOQf7qrkVjtwn/Q VtvJLgkneQwVVsybH3ukLX2NciIQC4cYfIk4VYvnepBHLVueKHji81qHCmC+fLCssV68 D51aITbj3nK6DKZMWCAvy+ejC20tudkFMGdOjBxM/KjIGMH/i2xOCPLuAXuD7ZgIht8x wIukeQ5ArEVmlXV/dnRtctghf8pJsHgF2/pUSQdkZ+0BpDvgKPMUaW2GR7HhlSfagQUh AQnSOvYaCUqnK+MQi4a5k/M7DdyY/5YCfeIOHF3iufwXkiA4N6/N4WhTIpxGG0x1XI8j W9Dw==

In-reply-to: <CAFp6PD363Cht0Bi_ec82rMRiivvuLpOUU-0T=hej03tuQxNgFg@mail.gmail.com>

References: <CAFp6PD363Cht0Bi_ec82rMRiivvuLpOUU-0T=hej03tuQxNgFg@mail.gmail.com>

Thank you for the reply, Dieter. I tried the following config:

rwm-suffixmassage "ou=user,dc=company,dc=com" "OU=All Users,dc=internal,dc=company,dc=com"

rwm-map attribute uid sAMAccountName

Simple searches work ( ldapsearch -W -x -b "ou=user,dc=company,dc=com" uid=michael), but some of our application needs to specify the binding of which OU the user belongs to. From the above example, if we do a search on proxy with "ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com", the proxy would need to translate it into "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com" on AD, without the need for user to provide that Michael Lois on the Accounting OU. Is this possible?

I think my problem is similar to this one in the older thread in 2009, but seems like this quesiton was still open:

http://www.openldap.org/lists/openldap-technical/200902/msg00090.html