Thank you for the reply, Dieter. I tried the following config:
rwm-suffixmassage "ou=user,dc=company,dc=com" "OU=All Users,dc=internal,dc=company,dc=com"
rwm-map attribute uid sAMAccountName
Simple searches work ( ldapsearch -W -x -b "ou=user,dc=company,dc=com" uid=michael), but some of our application needs to specify the binding of which OU the user belongs to. From the above example, if we do a search on proxy with "ldapsearch -xW -b "cn=Michael Lois,ou=user,dc=company,dc=com", the proxy would need to translate it into "cn=Michael Lois,ou=Accounting,OU=All Users,dc=internal,dc=company,dc=com" on AD, without the need for user to provide that Michael Lois on the Accounting OU. Is this possible?
I think my problem is similar to this one in the older thread in 2009, but seems like this quesiton was still open: