Hi Everyone,

Like many organizations, we have two authentication systems here. I am trying to figure out a way of synchronizing LDAP passwords with AD passwords, or proxying the requests to AD. Management wants to keep LDAP intact, while enjoying the flexibility of a single password.

I have unsuccessfully tried to use the proxy functionality of LDAP to get user information from AD. First of all, AD needs a user name and password to retrieve information. Is there a way of specifying a username/password? Even the following ldapsearch FAILS on the OpenLDAP server, but the same query works fine for the AD server.

 

 

ldapsearch -LLL -x -h localhost -b 'cn=users,dc=internal,dc=phg,dc=com,dc=au' -D "ldapauth@internal.phg.com.au" -W

ldapsearch -LLL -x -h localhost -b 'dc=internal,dc=phg,dc=com,dc=au' -D "CN=Ldap Authentication,OU=Linux,OU=InformationTechnology,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au" -W

Here is the relevant slapd.conf snippet.

 

database        ldap
suffix          "cn=users,dc=internal,dc=phg,dc=com,dc=au"
subordinate
rebind-as-user
uri             "ldap://192.168.100.100/"
chase-referrals yes

Any help is appreciated. Thank you very much.

 

Cheers

Nazeer
