Mine would definetly be the second method you described (I don't know what
hte main LDAP server is running, and I can't touch its settings even if I
Thes given instructions (copied below) go in the slapd.config, and
everything else therein is removed?
In either case, after all database specific directives you need to add
# turn on rewriting (set to "off" to temporarily disable)
# LDAP map that looks up the real DN for binds; add options as needed
# (see slapo-rwm(5) for details)
# The actual bind DN rewrite rules
# extract the username from the incorrect DN, and try to use it
# as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
# fetch the corresponding DN
# if the lookup fails, the error is ignored, and thus
# the original DN is used.