
Re: OpenLDAP proxy to AD



Steve Harris wrote:

Hi all,

I'm setting up OpenLDAP as a proxy to AD so that LDAP queries directed
to the OpenLDAP proxy then connect to the AD via LDAPS.

OpenLDAP is up and running and the LDAP backend is working fine.

When I submit a query to the proxy server (using ldapsearch) I do not get
a response (the same query directly to the AD returns what I expect).

e.g. (query modified to protect the innocent :)

    ldapsearch -v -h 127.0.0.1 -b "ou=bottom,dc=middle,dc=top" "samaccountName=steve"

Running slapd with '-d -1' reveals the following:

    get_ava: unknown attributeType samaccountName


I also have an attribute map in place and the debug reveals the following during startup:

    /usr/local/etc/openldap/slapd.conf: line 35: warning, destination attributeType 'samaccountname' is not defined in schema


I'm guessing that I need an Active Directory schema of some form - is one
available (I've trawled Google and the mailing list archives) - any ideas?


Ask AD (i.e. the schema under "subschemasubentry" in the rootDSE); you likely need to do some manual work to cast stuff in OpenLDAP's slapd.conf format for "attributeTypes" config statements.

p.





   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
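
The conversion suggested in the reply above, as an added example that is not part of the original message or of OpenLDAP: it takes an LDIF dump of AD's subschema entry (constructed sample inline), picks the wanted attributeTypes values and rewrites them as slapd.conf attributetype statements. The function names and the rule that flags syntaxes under Microsoft's 1.2.840.113556 OID arc for manual review are assumptions of this example.

```python
import re

# Constructed sample: LDIF dump of AD's subschema entry (the DN named by
# "subschemaSubentry" in the rootDSE). AD quotes SYNTAX OIDs; LDIF folds lines.
SAMPLE_LDIF = """\
dn: CN=Aggregate,CN=Schema,CN=Configuration,DC=middle,DC=top
attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1
 .4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.1135
 56.1.4.906' SINGLE-VALUE )
"""

MS_ARC = "1.2.840.113556."  # assumption: syntaxes under this arc need manual mapping


def unfold(ldif):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def to_slapd_conf(ldif, wanted):
    """Return {name: (slapd.conf statement, needs_manual_review)} for wanted attributes."""
    wanted = {w.lower() for w in wanted}
    result = {}
    for line in unfold(ldif):
        if not line.lower().startswith("attributetypes: "):
            continue
        value = line.split(": ", 1)[1].strip()
        name = re.search(r"NAME\s+'([^']+)'", value)
        if not name or name.group(1).lower() not in wanted:
            continue
        # slapd wants a bare numeric OID after SYNTAX, not a quoted string.
        value = re.sub(r"SYNTAX\s+'([0-9.]+)'", r"SYNTAX \1", value)
        syntax = re.search(r"SYNTAX\s+([0-9.]+)", value)
        review = bool(syntax) and syntax.group(1).startswith(MS_ARC)
        result[name.group(1)] = ("attributetype " + value, review)
    return result


if __name__ == "__main__":
    for stmt, review in to_slapd_conf(SAMPLE_LDIF, ["samaccountname", "pwdLastSet"]).values():
        print(("# REVIEW syntax before use\n" if review else "") + stmt)
```

Statements flagged for review still need their SYNTAX replaced with one that slapd knows before the definition will load.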