Is it possible to configure slapd(8) to proxy a simple bind operation where the username provided by the client is not an LDAP DN string?
Right now this query works:

    ldapsearch -H "ldap://localhost/" \
        -b "ou=windows,dc=rfa,dc=org" \
        -D "CN=LDAP Proxy user account,OU=Windows,DC=rfa,DC=org" \
        -W -x

Now how can I get a query like this to work:

    ldapsearch -H "ldap://localhost/" \
        -b "ou=windows,dc=rfa,dc=org" \
        -D "ldap-proxy@rfa.org" \
        -W -x

My environment is made up of Debian stable (4.0 Etch) on the workstations and OpenLDAP server, OpenLDAP 2.3.30-5 on the server. MS Windows 2003 Server Enterprise edition for the AD server with Services For Unix 3.5 NIS server (and corresponding schema changes) applied.
thank you, donfede
Federico Grau wrote:
> Is it possible to configure slapd(8) to proxy a simple bind operation where the username provided by the client is not an LDAP DN string?

No. Either use SASL bind, or at least you need to use something that's DN compliant, like "mail=ldap-proxy@rfa.org".
Then slapd can be configured to map that into whatever you like.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
openldap-software@openldap.org
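
The reply's suggestion of a DN-compliant bind name such as "mail=ldap-proxy@rfa.org" can be applied on the client side before the simple bind is sent. The following is an added example, not part of the original thread and not OpenLDAP code: the function names are hypothetical, the DN check is structural only (RFC 4514 string form, no LDAPv2 quoted values), and the choice of `mail` as the wrapping attribute follows the reply.

```python
import re

# RFC 4514 attribute type: a descriptor (letter, then letters/digits/hyphens) or a numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")
# Characters RFC 4514 requires to be backslash-escaped anywhere in a value.
_SPECIAL = '"+,;<>\\'

def split_unescaped(s, sep):
    """Split s on sep, skipping separators that are backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts

def looks_like_dn(name):
    """True if every RDN component of name has the form type=value."""
    if not name:
        return False                 # an empty DN would be an anonymous bind
    for rdn in split_unescaped(name, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, _value = ava.partition("=")
            if not eq or not _ATTR_TYPE.match(attr):
                return False
    return True

def escape_rdn_value(value):
    """Escape a raw string for use as an RDN value (RFC 4514, section 2.4)."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\0":
            out.append("\\00")
        elif c in _SPECIAL or (i == 0 and c in "# ") or (i == last and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def to_bind_dn(login, attr="mail"):
    """Pass DN-shaped names through; wrap anything else as attr=<escaped login>."""
    if not login:
        raise ValueError("empty bind name")
    return login if looks_like_dn(login) else f"{attr}={escape_rdn_value(login)}"
```

Escaping the login before wrapping it keeps a user-supplied comma or plus sign inside the single `mail` RDN, so the name that slapd later maps is always one component.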