
Re: Proxying AD : troubles with the comma character



First of all, thanks for your answer and sorry for my late reply...

On Wed, 01 Jul 2009 16:57:24 +0200,
Michael Ströder <michael@stroeder.com> wrote:

> It should work. You should provide more details:
> - relevant excerpts of slapd.conf

Here it is (skipped irrelevant parts):

moduleload      back_ldap
moduleload      back_meta
moduleload      rwm

database meta

overlay rwm

suffix "dc=authentification,dc=crbn"

uri     "ldap://dc1.crbn.intra/ou=ad,dc=authentification,dc=crbn";
"ldap://dc2.crbn.intra";
suffixmassage "ou=ad,dc=authentification,dc=crbn"
"ou=CRBN,dc=crbn,dc=intra"

rwm-rewriteEngine on
rwm-map attribute       uid             sAMAccountname
rwm-map objectclass     inetOrgPerson   user
rwm-rewriteContext bindDN
rwm-rewriteRule "(.+)2C(.+)" "$1\,$2"

uri     "ldap://mail.adl.crbn.fr/ou=adl,dc=authentification,dc=crbn";
suffixmassage   "ou=adl,dc=authentification,dc=crbn"
"dc=adl,dc=crbn,dc=fr"

uri     "ldap://mail.adl.crbn.fr/ou=lycees,dc=authentification,dc=crbn";
suffixmassage   "ou=lycees,dc=authentification,dc=crbn" "dc=lycee"

> - which LDAP client is doing what (try to reproduce the issue with
> OpenLDAP's command-line client)

The result is the same with ldapsearch and with ldapbrowser (java
client v2.8.2).

> - how does the AD entry look like

Here is an example of an OpenLDAP entry (skipped some attributes not in the OpenLDAP schema):

dn: cn=DUPONT\, Harry, ou=DSI, ou=ad, dc=authentification,dc=crbn
mail: h.dupont@crbn.fr
objectGUID:: YBJCaXTvv73vv71C77+9IO+/ve+/ve+/vXvvv73vv70=
uid: dupont_h
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
company: DSI
name: DUPONT, Harry
sn: DUPONT
telephoneNumber: 9042
cn: DUPONT, Harry
title: Reprographe
homeDirectory: \\gamelle\users$\dupont_h
givenName: Harry
displayName: DUPONT Harry
userPrincipalName: dupont_h@crbn.intra
distinguishedName: cn=DUPONT\2C Harry,ou=DSI,ou=ad,dc=authentification,dc=crbn

And here is the original AD entry :

dn: CN=DUPONT\, Harry, OU=DSI, OU=CRBN, DC=crbn,DC=intra
mail: h.dupont@crbn.fr
objectGUID:: YBJCaXTvv73vv71C77+9IO+/ve+/ve+/vXvvv73vv70=
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
company: DSI
name: DUPONT, Harry
sn: DUPONT
telephoneNumber: 9042
cn: DUPONT, Harry
title: Reprographe
homeDirectory: \\gamelle\users$\dupont_h
givenName: Harry
displayName: DUPONT Harry
userPrincipalName: dupont_h@crbn.intra
distinguishedName: CN=DUPONT\, Harry,OU=DSI,OU=CRBN,DC=crbn,DC=intra
sAMAccountName: dupont_h

Notice the distinguishedName in the two examples... It is not rewritten, but it's another question...

> etc.

Hope you have enough information :)

> 
> Ciao, Michael.

Thanks

-- 
Emmanuel Lesouef
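The two distinguishedName values quoted in this message differ only in how the comma is escaped ("\," versus "\2C"), and RFC 4514 treats both spellings as the same DN. Anything that compares DNs as plain text (an access control rule keyed on a DN, an application checking group membership against a DN string) will see two different users. The following Python is an added example, not code from the thread or from OpenLDAP: it decodes both escape forms and re-serialises a DN in one canonical form so such comparisons hold; the sample DNs are the ones quoted above.

```python
import re

# Added example for this thread, not code from the original post. RFC 4514 lets a
# comma in a DN value be written as "\," or as the hex pair "\2C"; both name the same
# entry, so DNs must be decoded before comparison. Sample DNs are quoted from above.
PROXY_DN = 'cn=DUPONT\\2C Harry,ou=DSI,ou=ad,dc=authentification,dc=crbn'
LDIF_DN = 'cn=DUPONT\\, Harry, ou=DSI, ou=ad, dc=authentification,dc=crbn'
HEX_PAIR = re.compile(r'[0-9A-Fa-f]{2}')
SPECIAL = set(',+"\\<>;=')  # characters that must always be escaped in a value

def parse_dn(dn):
    r"""Return [(type, unescaped_value), ...]; "+" multi-valued RDNs are not split."""
    rdns, attr, buf, in_value, i = [], None, bytearray(), False, 0
    while i < len(dn):
        c = dn[i]
        if c == '\\':
            if i + 1 >= len(dn):
                raise ValueError('dangling backslash in DN')
            pair = dn[i + 1:i + 3]
            if HEX_PAIR.fullmatch(pair):      # "\2C" style: one raw byte
                buf.append(int(pair, 16)); i += 3
            else:                             # "\," style: the next char literally
                buf += dn[i + 1].encode('utf-8'); i += 2
            continue
        if not in_value and c == '=':
            attr, buf, in_value = bytes(buf).decode('utf-8').strip(), bytearray(), True
        elif in_value and c in ',;':          # end of this RDN
            rdns.append((attr, bytes(buf).decode('utf-8'))); buf, in_value = bytearray(), False
        else:
            buf += c.encode('utf-8')
        i += 1
    if in_value:
        rdns.append((attr, bytes(buf).decode('utf-8')))
    return rdns

def escape_value(value):
    r"""Escape a value with the "\," form; control characters fall back to hex pairs."""
    out = []
    for idx, c in enumerate(value):
        if c in SPECIAL or (c == ' ' and idx in (0, len(value) - 1)) or (c == '#' and idx == 0):
            out.append('\\' + c)
        elif ord(c) < 0x20:
            out.append(''.join('\\%02X' % b for b in c.encode('utf-8')))
        else:
            out.append(c)
    return ''.join(out)

def normalize_dn(dn):
    """Canonical form: lower-case types, one escape style, no space after separators."""
    return ','.join('%s=%s' % (t.lower(), escape_value(v)) for t, v in parse_dn(dn))
```

Attribute values keep their case here; case-insensitive matching of values (caseIgnore syntaxes) would additionally need the attribute's schema.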