On Thu, 2 Jan 2014 16:37:49 -0800, Michael Lois michaellois23@gmail.com wrote:
Hi,
We need to set up an openldap proxy to Active Directory. Here is our slapd.conf:
database ldap
suffix "ou=user,dc=company,dc=com"
uri ldap://10.10.10.10/
rebind-as-user
idassert-bind bindmethod=simple
  binddn="cn=openldapuser,ou=Service Accounts,dc=internal,dc=company,dc=com"
  credentials=********
  mode=none
idassert-authzFrom "dn.regex:.*"
overlay rwm
rwm-suffixmassage "OU=All Users,dc=internal,dc=company,dc=com"
rwm-map attribute uid sAMAccountName
We were trying to query multiple OUs in Active Directory with the same search string. For example, on AD, user Michael Lois is in "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com". With the openldap proxy, we were trying to search Michael with "cn=Michael Lois,ou=user,dc=company,dc=com". From the above slapd config, the following 2 ldapsearch commands on the openldap proxy server would work:
ldapsearch -W -x -b "ou=user,dc=company,dc=com" cn="Michael Lois"
ldapsearch -xW -b "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com"
But our goal is to make this ldapsearch give us the same result:
ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com"
Does anyone know how to search through a proxy with multiple levels of OU in AD?
man slapo-rwm(5),
rwm-suffixmassage [<virtual naming context>] <real naming context>
rwm-map {attribute | objectclass} [<local name> | *] {<foreign name> | *}
-Dieter
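
Added illustration, not part of the original messages and not OpenLDAP code: a small Python model of the suffix swap that rwm-suffixmassage performs, applied to the three search bases from the question. It assumes ldapsearch's default subtree scope; the helper names (split_dn, norm, massage, found) are hypothetical. The third base is rewritten to a DN directly under "OU=All Users", which is not where the AD entry lives.

```python
# Added illustration: models only the DN suffix swap done by rwm-suffixmassage,
# not the full slapo-rwm rewrite engine. Helper names are hypothetical.
VIRTUAL = "ou=user,dc=company,dc=com"                 # suffix from the posted slapd.conf
REAL = "OU=All Users,dc=internal,dc=company,dc=com"   # rwm-suffixmassage target
# The AD entry named in the question:
AD_ENTRY = "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com"


def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    rdns.append(cur.strip())
    return rdns


def norm(dn):
    """Case-insensitive comparison form: list of (attribute, value) pairs."""
    pairs = (rdn.partition("=") for rdn in split_dn(dn))
    return [(a.strip().lower(), " ".join(v.split()).lower()) for a, _, v in pairs]


def massage(dn, virtual=VIRTUAL, real=REAL):
    """Swap the virtual suffix for the real one; None if dn is outside it."""
    rdns, vlen = split_dn(dn), len(split_dn(virtual))
    if len(rdns) < vlen or norm(dn)[len(rdns) - vlen:] != norm(virtual):
        return None
    return ",".join(rdns[:len(rdns) - vlen] + split_dn(real))


def found(search_base, entry=AD_ENTRY):
    """Would a subtree search from search_base (via the proxy) reach entry?"""
    base = massage(search_base)
    if base is None:
        return False
    b, e = norm(base), norm(entry)
    return len(b) <= len(e) and e[len(e) - len(b):] == b


if __name__ == "__main__":
    for base in ("ou=user,dc=company,dc=com",
                 "cn=Michael Lois,ou=Accounting,ou=user,dc=company,dc=com",
                 "cn=Michael Lois,ou=user,dc=company,dc=com"):
        print(base, "->", massage(base), "| entry reachable:", found(base))
```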