Good day. I would like to use the slapd-ldap backend as a proxy to Active Directory (Windows Server 2008 R2).
Firstly, AD can be queried directly:

$ ldapsearch -LLL -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H ldap://ad.support.com -b cn=users,dc=support,dc=com '(sAMAccountName=jdoe)' cn sAMAccountName
dn: CN=John Doe,CN=Users,DC=support,DC=com
cn: John Doe
sAMAccountName: jdoe

Now, I have the following in slapd:

==========
dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_ldap

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcDbURI: ldap://ad.support.com
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcSuffix: cn=users,dc=support,dc=com
==========

But when querying via the slapd instance I don't get anything back:

$ ldapsearch -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H ldap://slapd.example.com -b cn=users,dc=support,dc=com '(sAMAccountName=jdoe)' cn sAMAccountName
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=support,dc=com> with scope subtree
# filter: (sAMAccountName=jdoe)
# requesting: cn sAMAccountName
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

I can query my normal/local DIT fine (even while authenticating as the remote AD user, which looks weird):

$ ldapsearch -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H ldap://slapd.example.com -b dc=example,dc=com '(ou=People)' cn
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (ou=People)
# requesting: cn
#

# People, example.com
dn: ou=People,dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

What am I missing? TIA.

-- 
/jm
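
Added example, not part of the original post: a small Python checker that parses the direct and proxied ldapsearch outputs shown above (copied here as constructed sample strings) and lists what the proxied search lost against the direct AD search, so the proxy path can be re-checked the same way after each config change.

```python
import re
from typing import Dict, List, Optional, Tuple
# Constructed samples, copied from the two ldapsearch runs above: the direct
# AD query used -LLL (no comments, no result line); the proxied query did not.
DIRECT_OUTPUT = """\
dn: CN=John Doe,CN=Users,DC=support,DC=com
cn: John Doe
sAMAccountName: jdoe
"""
PROXIED_OUTPUT = """\
# extended LDIF
# base <cn=users,dc=support,dc=com> with scope subtree
#
# search result
search: 2
result: 32 No such object

# numResponses: 1
"""

def parse_ldapsearch(output: str) -> Tuple[Optional[int], List[Dict[str, List[str]]]]:
    """Return (result code, or None if -LLL hid it; entries) from ldapsearch output."""
    code, entries, current = None, [], {}
    for line in re.sub(r"\n ", "", output).splitlines():  # unfold LDIF continuations
        if not line.strip() or line.startswith("#"):       # separator: flush entry
            if current:
                entries.append(current)
                current = {}
        elif line.startswith("result:"):                   # "result: 32 No such object"
            code = int(line.split()[1])
        elif not line.startswith("search:"):               # skip the request counter
            key, _, value = line.partition(":")
            current.setdefault(key, []).append(value.strip())
    if current:
        entries.append(current)
    return code, entries

def compare_proxy(direct: str, proxied: str) -> List[str]:
    """List what the proxied search lost compared with the direct AD search."""
    _, direct_entries = parse_ldapsearch(direct)
    code, proxied_entries = parse_ldapsearch(proxied)
    problems = []
    if code not in (None, 0):
        problems.append(f"proxy search failed with result {code}")
    # AD upper-cases attribute types in DNs, so compare case-insensitively.
    seen = {e["dn"][0].lower() for e in proxied_entries if "dn" in e}
    for dn in (e["dn"][0] for e in direct_entries if "dn" in e):
        if dn.lower() not in seen:
            problems.append(f"entry missing via proxy: {dn}")
    return problems
```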
