
Re: Authenticating OpenLDAP client with AD

Hi vinay,

you may take a look at this:

It's not exactly what you want, but can help you reach the goal. :)

Bye, Benjamin.

On Sat, Oct 23, 2010 at 12:22, Vinay Kalkoti <kalkoti.vinay@gmail.com> wrote:
> Hi,
> I am working on authenticating OpenLDAP client with AD server. I saw
> lots of examples which map the rfc2307bis schema using nss_schema
> attribute in ldap.conf file
> # Enable support for RFC2307bis (distinguished names in group
> # members)
> nss_schema rfc2307bis
> and also, map the attributes of the rfc2307bis to the AD server schema
> attributes.
> nss_map_attribute uid msSFU30Name
> nss_map_attribute uidNumber msSFU30UidNumber
> nss_map_attribute gidNumber msSFU30GidNumber
> nss_map_attribute loginShell msSFU30LoginShell
> nss_map_attribute gecos name
> nss_map_attribute userPassword msSFU30Password
> nss_map_attribute homeDirectory msSFU30HomeDirectory
> Isn't there a way I can fetch the schema from the AD server and set it
> using nss_schema?
> Basically, I am looking at fetching the schema/objectClass/Attributes
> from the LDAP/AD server and making them a client schema so that I
> don't have to keep doing the mapping using nss_map_attribute and
> nss_schema.
> I am new to the LDAP world, and I am sorry if my question doesn't make any sense.
> I have seen lots of enterprise products which integrate with LDAP/AD.
> They provide a user interface to map the server side schema
> objectClass and attributes. I am trying to see if I can get rid of
> this and do it internally.
> Thanks,
> Vinay

To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra