Okie, thanks for your help. My server is running properly. I will enhance some security features for my server later.
Thanks and Best regards,
Pham Tung Duong
-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: 10 February 2009 11:41 PM
To: Duong Pham Tung
Cc: openldap-technical@openldap.org
Subject: Re: Problem when using OpenLDAP query to AD server
Duong Pham Tung wrote:
> Sorry, but if anyone can, give me an example of slapd.conf for openldap proxy.
> I tried using idassert-bind instead of using binddn/bindpw, but nothing can
> be finished
You didn't specify what you intend to do. First of all you may want to read this http://www.openldap.org/faq/data/cache/532.html.
If your intention is to proxy anonymous clients on an authenticated connection, you can use

database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://ldap.example.com"
idassert-bind   bindmethod=simple
                binddn="cn=Proxy,dc=example,dc=com"
                credentials=proxy
                mode=none
idassert-authzFrom "*"

Replace the binddn and credentials fields accordingly. Beware that by doing this you're breaking security, since AD will see anonymous users as the identity you put in the binddn. So anonymous (or any user) will have the privileges of the binddn.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
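
Added example (not part of the original messages and not OpenLDAP project code): a small Python check that reads a slapd.conf, folds continuation lines, and reports any back-ldap database where idassert-authzFrom "*" is paired with an idassert-bind binddn, the combination the reply warns about. The sample configuration is constructed from the message, and the ou=Apps subtree in the narrower variant is an assumed name.

```python
import shlex

# Constructed inputs: the proxy database from the message, and a narrower variant.
# The ou=Apps subtree is an assumed name, not something from the thread.
OPEN_CONF = '''\
database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://ldap.example.com"
idassert-bind   bindmethod=simple
                binddn="cn=Proxy,dc=example,dc=com"
                credentials=proxy
                mode=none
idassert-authzFrom "*"
'''
SCOPED_CONF = OPEN_CONF.replace('"*"', '"dn.subtree:ou=Apps,dc=example,dc=com"')

def logical_lines(text):
    """Drop blanks and # comments; fold indented continuation lines into the previous one."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return one finding per back-ldap database whose asserted identity is open to every client."""
    dbs = []
    for line in logical_lines(text):
        tok = shlex.split(line)
        key = tok[0].lower()
        if key == "database":
            dbs.append({"type": tok[1].lower(), "suffix": None, "binddn": None, "authz": []})
        elif dbs and key == "suffix":
            dbs[-1]["suffix"] = tok[1]
        elif dbs and key == "idassert-bind":
            opts = dict(t.split("=", 1) for t in tok[1:] if "=" in t)
            dbs[-1]["binddn"] = opts.get("binddn")
        elif dbs and key == "idassert-authzfrom":
            dbs[-1]["authz"].append(tok[1])
    return [
        f'{d["suffix"]}: idassert-authzFrom "*" lets every client, anonymous included, act as {d["binddn"]}'
        for d in dbs
        if d["type"] == "ldap" and d["binddn"] and "*" in d["authz"]
    ]

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("scoped", SCOPED_CONF)):
        print(name, audit(conf) or "no finding")
```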