Hi,
We need to set up an OpenLDAP proxy to Active Directory. Here is our slapd.conf:
database ldap
suffix "ou=user,dc=company,dc=com"
rebind-as-user
idassert-bind bindmethod=simple
    binddn="cn=openldapuser,ou=Service Accounts,dc=internal,dc=company,dc=com"
    credentials=********
    mode=none
idassert-authzFrom "dn.regex:.*"
overlay rwm
rwm-suffixmassage "OU=All Users,dc=internal,dc=company,dc=com"
rwm-map attribute uid sAMAccountName
We were trying to query multiple OUs in Active Directory with the same search string. For example, on AD, user Michael Lois is in "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com". With the OpenLDAP proxy, we were trying to search for Michael with "cn=Michael Lois,ou=user,dc=company,dc=com". With the above slapd config, the following 2 ldapsearch commands on the OpenLDAP proxy server would work:
ldapsearch -W -x -b "ou=user,dc=company,dc=com" cn="Michael Lois"
ldapsearch -xW -b "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com"
But our goal is to make this ldapsearch give us the same result:
ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com"
Does anyone know how to search through a proxy with multiple levels of OUs in AD?
Thank you,
Michael