
OpenLDAP as proxy for Active Directory



Hi list,

I managed to set up OpenLDAP (2.2.23 on SuSE 9.3) as a read-only proxy to our Active Directory using
the ldap/meta backend. Now I've found two annoying drawbacks.


(1) One strange behaviour is that an ldapsearch on the proxy returns only a subset of the available
attributes of the object. The same ldapsearch against the Active Directory returns the full set.


(2) Active Directory allows uid@domain as bindDN. While slapd is configured to be a proxy, it doesn't
send the bindDN to the AD but parses it. This results in an error message:
<= ldap_bv2dn(uid@domain)=-4 Decoding error
bind: invalid dn (uid@domain)
I tried to do the rewrite stuff mentioned in slapd-meta.5 but it doesn't work.


Can somebody give me some hints or has anyone got a fully functional AD-proxy configuration?

Best regards,
    Jan Schmidt

---------------------------------------------------------------
AG Anwendungen/Multimedia Rechenzentrum Universität Greifswald
http://www.multimedia.uni-greifswald.de/
Tel: +49 3834 861416 Fax: +49 3834 8680016