Hello.
I use OpenLDAP as a proxy for M$ AD. The problem is: I can set a filter only on some fields like CN or Name. I can't query AD by sAMAccountName via the proxy. Also I can't see many AD-specific fields while browsing AD via the OpenLDAP proxy.
Request to proxy:
ldapsearch -M -LLL -H ldap://localhost:389 -x -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password -x -b "dc=domain,dc=company,dc=com" '(sAMAccountName=bogdan.rudas)' sAMAccountName
Returns nothing.
Request directly to AD LDAP:
ldapsearch -M -LLL -H ldap://ADserver.domain.company.com:1234 -x -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password -x -b "dc=domain,dc=company,dc=com" '(sAMAccountName=bogdan.rudas)' cn
Returns:
dn: CN=Bogdan Rudas.......skipped....
cn: Bogdan Rudas
Yet another request to proxy:
ldapsearch -M -LLL -H ldap://ADserver.domain.company.com:1234 -x -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password -x -b "dc=domain,dc=company,dc=com" '(name=Bogdan Rudas)' cn sAMAccountName
dn: cn=Bogdan Rudas.......skip.....
cn: Bogdan Rudas
SAMACCOUNTNAME: bogdan.rudas
slapd version 2.4.11-1 running on Debian 5.0 amd64.
OpenLDAP config:
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_ldap

access to dn.base="" by * read
access to * by self read by users read by anonymous auth

loglevel        256

######################################################
# database definitions
######################################################

database        ldap
suffix          "dc=intra,dc=nival,dc=com"
uri             "ldap://ADserver.domain.company.com:1234"
acl-bind        bindmethod=simple
                binddn="cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com"
                credentials=password
chase-referrals yes
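Added illustration, not part of the original post: the posted slapd.conf loads only core, cosine and inetorgperson, so the proxy's own schema has no definition for sAMAccountName. slapd validates a search filter against its local schema before back_ldap forwards it, and a filter on an attribute type it does not know becomes an "undefined" component that matches nothing, which is consistent with the empty result above. One way to address this is to declare the AD attribute in a small schema file included by the proxy. The OID and syntax below are Microsoft's published values for sAMAccountName; the file path is an assumption. Other AD-only attributes that the proxy should pass through or filter on need their own attributetype lines with their real OIDs from the AD schema reference. Note also that the posted suffix (dc=intra,dc=nival,dc=com) differs from the search base used in the ldapsearch commands (dc=domain,dc=company,dc=com); a base outside the proxy's suffix is not served by that database, so that mismatch is worth checking as well.

```conf
# /etc/ldap/schema/ad-extra.schema  (assumed path; added example)
#
# Minimal definition so the proxy can parse filters on sAMAccountName
# and return the attribute by name. The OID and DirectoryString syntax
# (1.3.6.1.4.1.1466.115.121.1.15) are Microsoft's published values for
# this attribute; caseIgnoreMatch mirrors AD's case-insensitive matching.
attributetype ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

# In slapd.conf, after the existing include lines:
#   include /etc/ldap/schema/ad-extra.schema
#
# After restarting slapd, the same query that returned nothing before can
# be re-run against the proxy (constructed check, credentials as in the post):
#   ldapsearch -LLL -H ldap://localhost:389 -x \
#     -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password \
#     -b "dc=domain,dc=company,dc=com" '(sAMAccountName=bogdan.rudas)' sAMAccountName
```

Declaring only the attributes the proxy actually needs keeps the local schema small and makes it explicit which AD data is allowed to pass through; the ACLs already in the posted config then apply to those attributes by name.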