On Thu, 2 Jan 2014 16:37:49 -0800, Michael Lois <[email protected]> wrote:
> Hi,
>
> We need to set up an OpenLDAP proxy to Active Directory. Here is our
> slapd.conf:
>
> database ldap
> suffix "ou=user,dc=company,dc=com"
> uri ldap://10.10.10.10/
> rebind-as-user
> idassert-bind bindmethod=simple
>   binddn="cn=openldapuser,ou=Service Accounts,dc=internal,dc=company,dc=com"
>   credentials=********
>   mode=none
>
> idassert-authzFrom "dn.regex:.*"
>
> overlay rwm
> rwm-suffixmassage "OU=All Users,dc=internal,dc=company,dc=com"
> rwm-map attribute uid sAMAccountName
>
> We were trying to query multiple OUs in Active Directory with the
> same search string. For example, on AD, user Michael Lois is in
> "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com".
> With the OpenLDAP proxy, we were trying to search for Michael with
> "cn=Michael Lois,ou=user,dc=company,dc=com". With the above slapd config,
> the following 2 ldapsearch commands on the OpenLDAP proxy server would work:
>
> ldapsearch -W -x -b "ou=user,dc=company,dc=com" cn="Michael Lois"
>
> ldapsearch -xW -b "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com"
>
> But our goal is to make this ldapsearch give us the same result:
>
> ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com"
>
> Does anyone know how to search through a proxy with multiple levels of
> OU in AD?

man slapo-rwm(5),

rwm-suffixmassage [<virtual naming context>] <real naming context>
rwm-map {attribute | objectclass} [<local name> | *] {<foreign name> | *}

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
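An added example, not part of the original thread and not slapd code: a simplified Python model of the trailing-suffix rewrite that `rwm-suffixmassage` performs, applied to the three search bases from the question. The function names are hypothetical; it shows that the third base maps to a DN directly under "OU=All Users", one level above where the entry actually lives.

```python
# Simplified model of the suffix rewrite (not slapd code): the trailing
# virtual naming context of a DN is swapped for the real one.
VIRTUAL = "ou=user,dc=company,dc=com"                # proxy suffix, from the post
REAL = "OU=All Users,dc=internal,dc=company,dc=com"  # rwm-suffixmassage argument
AD_ENTRY = "cn=Michael Lois,ou=Accounting," + REAL   # entry DN in AD, from the post


def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
            escaped = (ch == "\\" and not escaped)
    rdns.append(cur.strip())
    return rdns


def norm(rdn):
    """Case-insensitive comparison key for one RDN."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())


def same_dn(a, b):
    return [norm(r) for r in split_rdns(a)] == [norm(r) for r in split_rdns(b)]


def massage(dn, virtual=VIRTUAL, real=REAL):
    """Rewrite virtual -> real suffix; None if dn is outside the virtual context."""
    rdns, vs = split_rdns(dn), split_rdns(virtual)
    if len(rdns) < len(vs) or not same_dn(",".join(rdns[-len(vs):]), virtual):
        return None
    return ",".join(rdns[:len(rdns) - len(vs)] + split_rdns(real))


if __name__ == "__main__":
    for base in ("ou=user,dc=company,dc=com",
                 "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com",
                 "cn=Michael Lois,ou=user,dc=company,dc=com"):
        real_base = massage(base)
        print(base, "->", real_base, "| AD entry:", same_dn(real_base, AD_ENTRY))
```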
