On Thu, 07 Jun 2012 22:14:37 +0200, [email protected] wrote:

> Hi everybody,
>
> I'm quite new to openldap and I'm currently trying to find a solution
> for the following problem:
>
> To populate an address book I need to read users and some attributes
> from an Active Directory. I need to map several attributes to a new
> attribute name. More important is to filter on active users and skip
> the disabled ones. My address book application is not able to do
> this, it can simply query the whole AD.
>
> My idea was to use openldap as some kind of proxy between the
> application and the AD. I've set up openldap with the following
> configuration:
>
> database ldap
> suffix "dc=xxxx,dc=local"
> uri "ldap://192.168.50.1"
> rebind-as-user
> protocol-version 3
> overlay rwm
> rwm-map attribute uid samaccountname
> rwm-map attribute address street
>
> This works perfectly for getting the data out of the AD and remapping the
> attribute names. Unfortunately I wasn't able to restrict the results
> to active users. The query string which does this looks like this:
>
> "(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
>
> Can anyone please point me in the right direction how I can set this
> as a filter towards the AD to only get back the results matching this
> filter?

man slapo-rwm(5), define a rewrite context based on searchFilter

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
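
One way to follow this pointer, as an added example (not from Dieter's reply or the original post): the poster's proxy section extended with a searchFilter rewrite context. It assumes the $1 back-reference and ":" flag syntax documented in slapo-rwm(5), and that back-ldap forwards the rewritten filter string to AD unchanged.

```conf
# Added example, not from the thread.
# Poster's proxy section, unchanged:
database          ldap
suffix            "dc=xxxx,dc=local"
uri               "ldap://192.168.50.1"
rebind-as-user
protocol-version  3

overlay           rwm
rwm-map           attribute uid samaccountname
rwm-map           attribute address street

# Enable the rewrite engine for this rwm instance.
rwm-rewriteEngine   on

# Rules that follow apply only to the filter of incoming search requests.
rwm-rewriteContext  searchFilter

# "(.*)" captures the client's whole filter as $1. The substitution ANDs it
# with the active-user clause from the question, so every search sent to AD
# excludes entries that have bit 2 set in userAccountControl.
# The ":" flag applies the rule once only (the default is recursive
# application, which would wrap the already rewritten filter again).
rwm-rewriteRule     "(.*)" "(&$1(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" ":"
```

To check the result, search through the proxy for an account known to be disabled: it should return no entry, while the same search sent directly to AD returns it.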
