Duong Pham Tung wrote:
Sorry, but if anyone can, give me a example of slapd.conf for openldap proxy.
I tried using idassert-bind instead of using binddn/bindpw, but nothing can be finished
You didn't specify what you intend to do. First of all you may want to read this http://www.openldap.org/faq/data/cache/532.html.
If your intention is to proxy anonymous clients on an authenticated connection, you can use
database ldap suffix "dc=example,dc=com" uri "ldap://ldap.example.com" idassert-bind bindmethod=simple binddn="cn=Proxy,dc=example,dc=com" credentials=proxy mode=none idassert-authzFrom "*"
Replace the binddn and credentials fields accordingly. Beware that by doing this you're breaking security, since AD will see anonymous users as the identity you put in the binddn. So anonymous (or any user) will have the privileges of the binddn.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------