First of all, thanks for your answer and sorry for my late reply...
Le Wed, 01 Jul 2009 16:57:24 +0200, Michael Ströder michael@stroeder.com a écrit :
It should work. You should provide more details:
- relevant excerpts of slapd.conf
Here it is (skipped unrelevant parts) :
moduleload back_ldap moduleload back_meta moduleload rwm
database meta
overlay rwm
suffix "dc=authentification,dc=crbn"
uri "ldap://dc1.crbn.intra/ou=ad,dc=authentification,dc=crbn" "ldap://dc2.crbn.intra" suffixmassage "ou=ad,dc=authentification,dc=crbn" "ou=CRBN,dc=crbn,dc=intra"
rwm-rewriteEngine on rwm-map attribute uid sAMAccountname rwm-map objectclass inetOrgPerson user rwm-rewriteContext bindDN rwm-rewriteRule "(.+)2C(.+)" "$1,$2"
uri "ldap://mail.adl.crbn.fr/ou=adl,dc=authentification,dc=crbn" suffixmassage "ou=adl,dc=authentification,dc=crbn" "dc=adl,dc=crbn,dc=fr"
uri "ldap://mail.adl.crbn.fr/ou=lycees,dc=authentification,dc=crbn" suffixmassage "ou=lycees,dc=authentification,dc=crbn" "dc=lycee"
- which LDAP client is doing what (try to reproduce the issue with
OpenLDAP's command-line client)
The result is the same with ldapsearch and with ldapbrowser (java client v2.8.2).
- how does the AD entry look like
Here is an example of an OpenLDAP entry (skipped some attributes not in openldap schema) :
dn: cn=DUPONT, Harry, ou=DSI, ou=ad, dc=authentification,dc=crbn mail: h.dupont@crbn.fr objectGUID:: YBJCaXTvv73vv71C77+9IO+/ve+/ve+/vXvvv73vv70= uid: dupont_h objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson company: DSI name: DUPONT, Harry sn: DUPONT telephoneNumber: 9042 cn: DUPONT, Harry title: Reprographe homeDirectory: \gamelle\users$\dupont_h givenName: Harry displayName: DUPONT Harry userPrincipalName: dupont_h@crbn.intra distinguishedName: cn=DUPONT\2C Harry,ou=DSI,ou=ad,dc=authentification,dc=crbn
And here is the original AD entry :
dn: CN=DUPONT, Harry, OU=DSI, OU=CRBN, DC=crbn,DC=intra mail: h.dupont@crbn.fr objectGUID:: YBJCaXTvv73vv71C77+9IO+/ve+/ve+/vXvvv73vv70= objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user company: DSI name: DUPONT, Harry sn: DUPONT telephoneNumber: 9042 cn: DUPONT, Harry title: Reprographe homeDirectory: \gamelle\users$\dupont_h givenName: Harry displayName: DUPONT Harry userPrincipalName: dupont_h@crbn.intra distinguishedName: CN=DUPONT, Harry,OU=DSI,OU=CRBN,DC=crbn,DC=intra sAMAccountName: dupont_h
Notice the distinguishedName in the two examples... It is not rewriten, but it's another question...
etc.
Hope you have enough informations :)
Ciao, Michael.
Thanks