
Search in Active Directory Proxy with multiple level of OU


We need to set up an OpenLDAP proxy to Active Directory. Here is our slapd.conf:

   database        ldap
   suffix          "ou=user,dc=company,dc=com"
   uri             ldap://
   idassert-bind   bindmethod=simple
                binddn="cn=openldapuser,ou=Service Accounts,dc=internal,dc=company,dc=com"
   idassert-authzFrom "dn.regex:.*"
   overlay rwm
   rwm-suffixmassage       "OU=All Users,dc=internal,dc=company,dc=com"
   rwm-map attribute uid sAMAccountName

We were trying to query multiple OUs in Active Directory with the same search string. For example, on AD, user Michael Lois is in "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com". With the OpenLDAP proxy, we were trying to search for Michael with "cn=Michael Lois,ou=user,dc=company,dc=com". With the above slapd config, the following 2 ldapsearch commands on the OpenLDAP proxy server would work:

   ldapsearch -W  -x -b "ou=user,dc=company,dc=com" cn="Michael Lois"

   ldapsearch -xW -b "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com" 

But our goal is to make this ldapsearch give us the same result:

   ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com" 

Does anyone know how to search through a proxy with multiple levels of OUs in AD?

Thank you,
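
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of the suffix rewrite that `rwm-suffixmassage` performs with the two suffixes from the slapd.conf above. It shows which real DN each of the three search bases becomes. The directory contents are a constructed stand-in for the AD tree described in the post, and the function names are hypothetical.

```python
# Simplified model of rwm-suffixmassage DN rewriting; not OpenLDAP code.
VIRTUAL = "ou=user,dc=company,dc=com"                   # proxy suffix (from the post)
REAL = "OU=All Users,dc=internal,dc=company,dc=com"     # AD side (from the post)

# Constructed stand-in for the AD tree: the entry the post describes plus its parents.
AD_ENTRIES = [
    "OU=All Users,dc=internal,dc=company,dc=com",
    "ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com",
    "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com",
]

def rdns(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",")]

def massage(dn, src, dst):
    """Swap the naming-context suffix src for dst, keeping the leading RDNs."""
    d, s = rdns(dn), rdns(src)
    if len(d) < len(s) or d[len(d) - len(s):] != s:
        raise ValueError("DN is outside the naming context: " + dn)
    lead = [p.strip() for p in dn.split(",")][: len(d) - len(s)]
    return ",".join(lead + [dst])

def proxy_search(base, cn=None):
    """Subtree search through the modelled proxy: (result code name, virtual DNs)."""
    real_base = massage(base, VIRTUAL, REAL)
    b = rdns(real_base)
    if b not in [rdns(e) for e in AD_ENTRIES]:
        return "noSuchObject", []           # LDAP result code 32: base does not exist
    hits = []
    for entry in AD_ENTRIES:
        r = rdns(entry)
        in_scope = len(r) >= len(b) and r[len(r) - len(b):] == b
        if in_scope and (cn is None or r[0] == "cn=" + cn.lower()):
            hits.append(massage(entry, REAL, VIRTUAL))   # map result DN back
    return "success", hits

if __name__ == "__main__":
    print(proxy_search("ou=user,dc=company,dc=com", cn="Michael Lois"))
    print(proxy_search("cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com"))
    # Only the suffix is rewritten, so this base becomes
    # cn=Michael Lois,OU=All Users,dc=internal,dc=company,dc=com (no such entry).
    print(proxy_search("cn=Michael Lois,ou=user,dc=company,dc=com"))
```

In this model the rewrite only swaps the suffix, so the intermediate `ou=Accounting` component has to be present in the search base for a base-DN lookup to land on an existing entry.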