RE: Question about OpenLDAP and rwm overlay
- To: Quanah Gibson-Mount <quanah@symas.com>, Dieter Klünter <dieter@dkluenter.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: RE: Question about OpenLDAP and rwm overlay
- From: "Vandenburgh, Steve Y" <Steve.Vandenburgh@centurylink.com>
- Date: Mon, 28 Oct 2019 18:21:42 +0000
Thanks for the tip Quanah (and Dieter). I have added the MSUser schema to the configuration. However, I'm still getting the same behavior. If I use a bind DN like
Mail=myname@mycompany.com
which is potentially a valid DN, the rewriting is applied; however, if the bind DN is just the email address, e.g.
myname@mycompany.com
then OpenLDAP returns error 34 (invalid DN). So before I do more troubleshooting, I wanted to ask if the rewrite rules can be applied before the syntax check on the bind DN is done. If the OpenLDAP server always performs the syntax check on the DN before any rewrite rules are applied, then what I'm trying to accomplish (using a Microsoft UPN bind DN) cannot be done.
Thanks again,
Steve Vandenburgh
LDAP Directory Services/Identity Management
CenturyLink
(720)738-2688
-----Original Message-----
From: openldap-technical <openldap-technical-bounces@openldap.org> On Behalf Of Quanah Gibson-Mount
Sent: Saturday, October 26, 2019 1:57 PM
To: Dieter Klünter <dieter@dkluenter.de>; openldap-technical@openldap.org
Subject: Re: Question about OpenLDAP and rwm overlay
--On Saturday, October 26, 2019 9:27 PM +0200 Dieter Klünter <dieter@dkluenter.de> wrote:
> [...]
> slapd requires part of AD schemas in order to operate back-ldap
> properly. Thus write a private schema, providing required attribute
> types and object classes.
The MSUser schema in OpenLDAP master may be useful for this.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
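The two bind strings quoted in the message differ in whether they have the DN string shape of RFC 4514, where every RDN component is written `attributeType=value`. The sketch below is an added example, not slapd's code and not part of the thread; it is a simplified shape check only, and `check_dn` and `split_unescaped` are hypothetical names.

```python
import re

# Constructed sample inputs: the two bind strings quoted in the message above.
SAMPLES = ["Mail=myname@mycompany.com", "myname@mycompany.com"]

INVALID_DN_SYNTAX = 34  # LDAP result code invalidDNSyntax (RFC 4511)

# attributeType is a short name (descr) or a dotted numeric OID (RFC 4512).
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def split_unescaped(text, seps):
    """Split on separator characters that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch in seps:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def check_dn(dn):
    """Return 0 if dn has the RFC 4514 string shape, else 34.

    Simplified: only checks that each component is attributeType=value.
    The empty DN is valid and is used for anonymous binds.
    """
    if dn == "":
        return 0
    for rdn in split_unescaped(dn, ","):        # RDNs are comma-separated
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDNs use '+'
            attr, eq, _value = ava.partition("=")
            # Spaces after a comma are a legacy form tolerated here.
            if not eq or not ATTR_TYPE.match(attr.strip()):
                return INVALID_DN_SYNTAX
    return 0


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: result code {check_dn(s)}")
```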