On 16/12/2011 15:14, Pierangelo Masarati wrote:
On 12/16/2011 03:35 PM, Liam Gretton wrote:
On my OpenLDAP AD proxy, as soon as slapd has started I do a trivial search for a 'cn' attribute for a known record. After that, it's possible to search on sAMAccountName or other attributes without any problems.
You don't need 99% of what you said. All you need is:
[...]
You don't need to create all the schema, only the portions that are needed. If an attribute uses a syntax that OpenLDAP's slapd does not support (yet), you can use the closest one. Usually, anything that need not be case insensitive can be octet string, which has an equality rule.
I started that, but it quickly looked like a significant amount of work for a number of attributes, so the quick and dirty solution was the workaround I mentioned. I've put aside creating a custom AD schema for a rainy day.
If you think there are (standard track) syntaxes that AD supports and OpenLDAP misses, feel free to file a request for enhancement using the ITS (http://www.openldap.org/its/).
It certainly would be useful. What does 'standard track' mean? I have a suspicion anything created by MS would automatically be excluded ;-)