I am currently attempting to configure our OpenLDAP 2.4.26 (on SUSE Enterprise 10) server to act as a proxy to Active Directory as well as using a local database. The local database works fine but I cannot for the life of me get the ldap backend to authenticate/bind correctly to the AD ldap server. I can use ldapsearch to search AD just fine with the credentials passed as follows:
ldapsearch -x -h ldap.mydomain.com -D 'myldapuser' -w 'myldappw' -b 'dc=mydomain,dc=com' '(sAMAccountName=myusername)'
Returns all the associated data of "myusername" from AD.
Here is the section of my slapd.conf for my databases and backends. I have read several different sites on how to configure this and they all use different methods and claim it works for them. None has worked for me. I continue to get bind errors. Any guidance would be much appreciated.
database bdb
suffix dc=zlinux,dc=mydomain,dc=com
rootdn cn=admin,dc=zlinux,dc=mydomain,dc=com
rootpw myrootdnpw
directory /usr/local/openldap/var/openldap-data
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
#
#
database ldap
suffix "dc=Company Users,dc=mydomain,dc=com"
uri ldap://ldap.mydomain.com
idassert-bind bindmethod=simple binddn="cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com" credentials=myldappw mode=none
idassert-authzFrom "dn.exact:cn=cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
chase-referrals no
overlay rwm
rwm-map objectclass account user
rwm-map attribute uidNumber employeeID
rwm-map attribute uid sAMAccountname
rwm-map attribute cn name
rwm-map attribute sn sn
rwm-map attribute mail mail
rwm-map attribute company company
rwm-map attribute entry entry
rwm-map attribute userPassword unicodePassword
rwm-map attribute *
Thanks
Dedrick
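An added example, not part of the original post and not OpenLDAP project code: a small static checker for a slapd.conf "database ldap" proxy stanza of the kind shown above. It parses the stanza with shlex, then flags the things a reviewer would look at before chasing bind errors against AD: a DN whose RDN attribute is typed twice (cn=cn=...), dc= components containing spaces (DC values are DNS labels, AD containers are normally ou= or cn=), rwm-map targets that are not default AD attribute names (AD stores the password in unicodePwd, there is no unicodePassword), a cleartext rootpw instead of a slappasswd hash, and a simple bind over plain ldap:// with no "tls start", which puts the proxy password on the wire unencrypted. The POSTED_CONF sample is the stanza from the post broken into one directive per line; HARDENED_CONF, the hypothetical host names, the service-account DN and the KNOWN_AD_ATTRS list are constructed for the example.

```python
"""Static sanity checks for a slapd.conf 'database ldap' proxy stanza (hypothetical linter)."""
import re
import shlex
from typing import List, Tuple

Finding = Tuple[str, str]  # (directive, description)

# Constructed sample: the stanza from the post, one directive per line.
POSTED_CONF = """
database bdb
suffix dc=zlinux,dc=mydomain,dc=com
rootdn cn=admin,dc=zlinux,dc=mydomain,dc=com
rootpw myrootdnpw
directory /usr/local/openldap/var/openldap-data
index objectClass,uidNumber,gidNumber eq
#
database ldap
suffix "dc=Company Users,dc=mydomain,dc=com"
uri ldap://ldap.mydomain.com
idassert-bind bindmethod=simple binddn="cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com" credentials=myldappw mode=none
idassert-authzFrom "dn.exact:cn=cn=myldapuser,dc=Company Service Accounts,dc=mydomain,dc=com"
chase-referrals no
overlay rwm
rwm-map attribute uid sAMAccountname
rwm-map attribute userPassword unicodePassword
rwm-map attribute *
"""

# Constructed counterpart with the weak settings corrected (placeholder names, not real systems).
HARDENED_CONF = """
database ldap
suffix "ou=Company Users,dc=example,dc=com"
uri ldaps://ad.example.com
idassert-bind bindmethod=simple binddn="cn=svc-proxy,ou=Service Accounts,dc=example,dc=com" credentials=PLACEHOLDER mode=none
idassert-authzFrom "dn.exact:cn=svc-proxy,ou=Service Accounts,dc=example,dc=com"
overlay rwm
rwm-map attribute uid sAMAccountName
"""

# Constructed subset of attribute names present in the default AD schema (lowercase).
KNOWN_AD_ATTRS = {"samaccountname", "unicodepwd", "employeeid", "name", "sn", "mail",
                  "company", "userprincipalname", "memberof", "objectclass"}

RDN_RE = re.compile(r"([A-Za-z][\w-]*)=([^,]*)")


def parse_stanzas(text: str) -> List[Tuple[str, List[Tuple[str, List[str]]]]]:
    """Split slapd.conf text into (backend, [(directive, args), ...]) per 'database' line."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # honours the "..." quoting used for DNs
        name, args = tokens[0].lower(), tokens[1:]  # directive names are case-insensitive
        if name == "database":
            stanzas.append((args[0], []))
        elif stanzas:
            stanzas[-1][1].append((name, args))
    return stanzas


def first_arg(directives, name: str) -> str:
    return next((a[0] for n, a in directives if n == name and a), "")


def dn_findings(label: str, dn: str) -> List[Finding]:
    out: List[Finding] = []
    for attr, val in RDN_RE.findall(dn):
        # A value that itself starts with 'attr=' means the RDN was typed twice (cn=cn=...)
        if re.match(r"[A-Za-z][\w-]*=", val):
            out.append((label, f'"{attr}={val}" repeats the RDN attribute'))
        # DC components are DNS labels; a space means this was meant to be an ou= or cn= container
        if attr.lower() == "dc" and " " in val:
            out.append((label, f'dc value "{val}" contains a space; AD containers are ou= or cn='))
    return out


def check_conf(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for backend, d in parse_stanzas(text):
        rootpw = first_arg(d, "rootpw")
        if rootpw and not rootpw.startswith("{"):   # slappasswd hashes look like {SSHA}...
            findings.append(("rootpw", "cleartext rootpw; store a slappasswd hash instead"))
        if backend.lower() != "ldap":
            continue
        uri = first_arg(d, "uri")
        starttls = any(n == "tls" and a and a[0] in ("start", "try-start") for n, a in d)
        if uri.startswith("ldap://") and not starttls:
            findings.append(("uri", "simple bind over plain ldap:// sends the proxy password in "
                                    "cleartext; use ldaps:// or 'tls start'"))
        bind_args = next((a for n, a in d if n == "idassert-bind"), [])
        binddn = next((a.split("=", 1)[1] for a in bind_args if a.startswith("binddn=")), "")
        authz = first_arg(d, "idassert-authzfrom").split(":", 1)[-1]  # drop the dn.exact: prefix
        findings += dn_findings("suffix", first_arg(d, "suffix"))
        findings += dn_findings("binddn", binddn)
        findings += dn_findings("idassert-authzfrom", authz)
        for n, a in d:
            if n == "rwm-map" and len(a) == 3 and a[0].lower() == "attribute":
                if a[2].lower() not in KNOWN_AD_ATTRS:
                    findings.append(("rwm-map", f'{a[1]} -> {a[2]}: "{a[2]}" is not a default AD attribute'))
    return findings


if __name__ == "__main__":
    for directive, problem in check_conf(POSTED_CONF):
        print(f"{directive}: {problem}")
    print("hardened stanza findings:", check_conf(HARDENED_CONF))
```

Run it on the posted stanza and it reports the doubled cn= in idassert-authzFrom, the three dc= values with spaces, the unicodePassword mapping, the cleartext rootpw and the unencrypted bind URI; the hardened stanza comes back clean. The checks are purely lexical and say nothing about whether the service account exists or has the rights it needs on the AD side, so they are a first pass before looking at the bind error itself.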