Hi All,
I progressed further, but still haven't reached stage where I can use AD account.
Through the proxy setup I am able to query LDAP, but unable to use it for
authentication. For example,
ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au '(uid=nazeerm)'
is successful, but "id nazeerm" fails (returns: id: nazeerm: No such user).
Here is the ldap.conf file on the client machine.
uri ldap://ldapserver.research.phg.com.au/
base dc=internal,dc=phg,dc=com,dc=au
scope sub
bind_timelimit 15
timelimit 15
ssl no
referrals no
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
#nss_base_passwd OU=Da Vinci Coders,OU=Portland House,OU=Sites,dc=internal,dc=phg,dc=com,dc=au?one
#nss_base_passwd cn=users,dc=internal,dc=phg,dc=com,dc=au?one
nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap
Any help is appreciated. Thanks in advance.
Regards
Nazeer
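The gap between "ldapsearch finds the entry" and "id finds the user" is the set of attributes nss_ldap asks for once the nss_map_* directives are applied. The script below is an added example, not code from the post or from nss_ldap: it parses an nss_ldap-style ldap.conf (a constructed copy of the settings above), builds the getpwnam() filter nss_ldap would send after objectclass and attribute mapping (assumed to have the documented RFC 2307 shape (&(objectClass=...)(uid=...))), evaluates it against a constructed AD user entry with a small RFC 4515 filter evaluator, and lists which required passwd attributes the entry lacks after mapping. The sample entry, the numbers in it and the extra "nss_map_attribute uid sAMAccountName" line in the usage block are assumptions for illustration.

```python
# Constructed copy of the nss_ldap settings from the post (sample data).
SAMPLE_LDAP_CONF = """
base dc=internal,dc=phg,dc=com,dc=au
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
"""

# Constructed AD user entry (sample data, not a real directory record);
# attribute values are lists, as an LDAP client library returns them.
SAMPLE_AD_USER = {
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "cn": ["Nazeer M"],
    "sAMAccountName": ["nazeerm"],
    "uidNumber": ["10001"],
    "gidNumber": ["10000"],
    "unixHomeDirectory": ["/home/nazeerm"],
}

# RFC 2307 attributes the passwd map needs, in nss_ldap's own names
# (assumption: loginShell is omitted because nss_ldap supplies a default).
PASSWD_REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")


def parse_nss_ldap_conf(text):
    """Collect nss_base_*, nss_map_attribute and nss_map_objectclass lines."""
    conf = {"attr_map": {}, "class_map": {}, "bases": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "nss_map_attribute":
            src, dst = value.split()
            conf["attr_map"][src] = dst
        elif key == "nss_map_objectclass":
            src, dst = value.split()
            conf["class_map"][src] = dst
        elif key.startswith("nss_base_"):
            # base?scope?filter; the filter is ANDed with the objectclass test
            parts = (value.split("?") + ["sub", ""])[:3]
            conf["bases"][key[len("nss_base_"):]] = dict(
                zip(("base", "scope", "filter"), parts))
    return conf


def mapped_attr(conf, name):
    return conf["attr_map"].get(name, name)


def passwd_lookup_filter(conf, login):
    """Filter nss_ldap sends for getpwnam(): objectclass and uid after mapping."""
    return "(&(objectClass=%s)(%s=%s))" % (
        conf["class_map"].get("posixAccount", "posixAccount"),
        mapped_attr(conf, "uid"), login)


def _split_items(s):
    """Split "(a=b)(c=d)" into its top-level parenthesised items."""
    items, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                items.append(s[start:i + 1])
    return items


def matches(entry, filt):
    """Evaluate a small RFC 4515 subset: &, |, !, equality and presence."""
    inner = filt[1:-1]
    if inner[0] in "&|":
        results = [matches(entry, f) for f in _split_items(inner[1:])]
        return all(results) if inner[0] == "&" else any(results)
    if inner[0] == "!":
        return not matches(entry, inner[1:])
    attr, _, value = inner.partition("=")
    values = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
    if value == "*":
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def missing_passwd_attrs(conf, entry):
    """Mapped attribute names the entry lacks; any hit means no passwd line."""
    present = {k.lower() for k in entry}
    return [mapped_attr(conf, a) for a in PASSWD_REQUIRED
            if mapped_attr(conf, a).lower() not in present]


def diagnose(conf_text, login, entry):
    conf = parse_nss_ldap_conf(conf_text)
    filt = passwd_lookup_filter(conf, login)
    return {"filter": filt, "matched": matches(entry, filt),
            "missing": missing_passwd_attrs(conf, entry)}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LDAP_CONF, "nazeerm", SAMPLE_AD_USER))
    # Same config plus a uid mapping onto the AD login attribute (assumption).
    print(diagnose(SAMPLE_LDAP_CONF + "nss_map_attribute uid sAMAccountName\n",
                   "nazeerm", SAMPLE_AD_USER))
```

With the settings as posted, the filter comes out as (&(objectClass=user)(uid=nazeerm)); the sample entry has no uid attribute, so the filter never matches and the only missing mapped attribute is uid. Adding the uid mapping changes the filter to look at sAMAccountName and the entry then satisfies every passwd attribute. The same check can be run against a real entry by pasting the attribute list ldapsearch returns into SAMPLE_AD_USER.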
-----Original Message-----
From: Nazeeruddin Mohammad
Sent: Thursday, 11 September 2008 3:10 PM
To: openldap-technical(a)openldap.org
Subject: Rewrite: LDAP proxy for AD
Hi,
I was able to successfully use the proxy functionality to connect to an AD server using the
slapd configuration below.
[SNIPPET from slapd.conf]
database        ldap
suffix          "OU=Da Vinci Coders,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
subordinate
rebind-as-user
uri             "ldap://192.168.100.100/"
acl-bind        bindmethod=simple
                binddn="CN=Ldap Authentication,OU=Linux,OU=InformationTechnology,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
                credentials="test"
chase-referrals yes
idassert-bind   bindmethod=simple
                authzID="u:bind"
                mode=self
                binddn="CN=Ldap Authentication,OU=Linux,OU=InformationTechnology,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
                credentials="test "
idassert-authzFrom "dn.regex:.*"
I want to use the users under the above suffix (OU=Da Vinci Coders) as users for Linux
clients.
At present I cannot see them (e.g. the command "su - nazeerm" fails) as they are NOT under
"cn=users,dc=internal,dc=phg,dc=com,dc=au" or "cn=people,dc=internal,dc=phg,dc=com,dc=au".
Is there any easy way of mapping "OU=Da Vinci Coders,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
to "cn=users,dc=internal,dc=phg,dc=com,dc=au"?
Thank you.
Regards
Nazeer
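The mapping asked for here is DN suffix rewriting: a proxy presents the AD OU under a virtual naming context and translates DNs in both directions (slapd does this with back-ldap's suffixmassage directive or the rwm overlay). The script below is an added example written to illustrate that translation; it is not slapd code and not from the post. It splits DNs at unescaped commas per RFC 4514, compares suffixes case-insensitively (assumption: the cn, ou and dc types involved all use case-insensitive matching, and no multi-valued RDNs appear), and rewrites in the request direction (virtual to real, for search bases and bind DNs) and the response direction (real to virtual, for entry DNs and DN-valued attributes such as member). Both directions matter: rewriting only requests lets real AD DNs leak back to clients, and rewriting only responses sends binds to DNs the AD server does not know.

```python
# Suffixes taken from the post: the real AD OU and the virtual naming context.
REAL_SUFFIX = "OU=Da Vinci Coders,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
VIRTUAL_SUFFIX = "cn=users,dc=internal,dc=phg,dc=com,dc=au"


def split_dn(dn):
    """Split a DN string into RDNs at unescaped commas (RFC 4514 escaping)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escape pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns


def _normalize(rdn):
    # Attribute types are case-insensitive; so are the values of the types
    # used here (assumption: cn/ou/dc with caseIgnoreMatch, no a+b=c RDNs).
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + " ".join(value.split()).lower()


def ends_with_suffix(dn, suffix):
    """True when dn lies under suffix (or equals it), compared RDN by RDN."""
    d = [_normalize(r) for r in split_dn(dn)]
    s = [_normalize(r) for r in split_dn(suffix)]
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def massage(dn, from_suffix, to_suffix):
    """Replace from_suffix at the end of dn with to_suffix; else unchanged."""
    if not ends_with_suffix(dn, from_suffix):
        return dn
    head = split_dn(dn)[:-len(split_dn(from_suffix))]
    return ",".join(head + [to_suffix])


def to_backend(dn):
    """Request direction: client's virtual DN -> DN the AD server knows."""
    return massage(dn, VIRTUAL_SUFFIX, REAL_SUFFIX)


def to_client(dn):
    """Response direction: DN returned by AD -> virtual DN shown to client."""
    return massage(dn, REAL_SUFFIX, VIRTUAL_SUFFIX)


if __name__ == "__main__":
    # Constructed sample DNs for illustration.
    print(to_backend("uid=nazeerm," + VIRTUAL_SUFFIX))
    print(to_client("CN=Nazeer M," + REAL_SUFFIX))
    print(to_client("cn=Smith\\, John," + REAL_SUFFIX))   # escaped comma kept
    print(to_client("cn=Other,ou=Staff,dc=internal,dc=phg,dc=com,dc=au"))
```

Entries outside the real suffix pass through unchanged, which is also where a proxy has to decide whether such DNs should be visible to clients at all; a missing `subordinate`-style scoping check is what turns a naming-context rewrite into an information leak.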