
Authenticating OpenLDAP client with AD


I am working on authenticating an OpenLDAP client with an AD server. I saw
lots of examples which map the rfc2307bis schema using the nss_schema
attribute in the ldap.conf file

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

and also, map the attributes of the rfc2307bis to the AD server schema

nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory

Isn't there a way I can fetch the schema from the AD server and set it
using nss_schema?

Basically, I am looking at fetching the schema/objectClass/Attributes
from the LDAP/AD server and making them the client's schemas so that I
don't have to keep doing the mapping using nss_map_attribute and

I am new to the LDAP world, and I am sorry if my question doesn't make any sense.

I have seen lots of enterprise products which integrate with LDAP/AD.
They provide a user interface to map the server side schema
objectClass and attributes. I am trying to see if I can get rid of
this and do it internally.