Good day.
I would like to use the slapd-ldap backend as a proxy to Active Directory (Windows Server 2008 R2).
Firstly, AD can be queried directly:
$ ldapsearch -LLL -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H ldap://ad.support.com -b cn=users,dc=support,dc=com '(sAMAccountName=jdoe)' cn sAMAccountName
dn: CN=John Doe,CN=Users,DC=support,DC=com
cn: John Doe
sAMAccountName: jdoe
Now, I have the following in slapd:
==========
dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_ldap

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcDbURI: ldap://ad.support.com
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcSuffix: cn=users,dc=support,dc=com
==========
But when querying via the slapd instance I don't get anything back:
$ ldapsearch -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H ldap://slapd.example.com -b cn=users,dc=support,dc=com '(sAMAccountName=jdoe)' cn sAMAccountName
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=support,dc=com> with scope subtree
# filter: (sAMAccountName=jdoe)
# requesting: cn sAMAccountName
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
I can query my normal/local DIT fine (even while authenticating as the remote AD user, which looks weird):
$ ldapsearch -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H ldap://slapd.example.com -b dc=example,dc=com '(ou=People)' cn
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (ou=People)
# requesting: cn
#

# People, example.com
dn: ou=People,dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
What am I missing? TIA.
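A first check worth running on a "result: 32 No such object" from a proxy setup like this, added here as an example and not part of the original post: ask the slapd host which naming contexts it actually advertises in its root DSE, then verify that the search base falls under one of them, comparing DNs the way LDAP does (case-insensitively, ignoring whitespace around separators). The hostnames and DNs are the ones from the question; the root DSE output embedded below is constructed for the example, not captured from either server, and the names `norm_dn`, `dn_under_suffix` and `covering_context` are this example's own.

```shell
#!/bin/sh
# Added example: does the slapd proxy advertise a naming context that covers
# the search base?  Not code from the original post.

# Normalize a DN for comparison: lowercase it and strip whitespace around
# the ',' and '=' separators, so "CN=Users, DC=support" equals "cn=users,dc=support".
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' \
        | sed 's/[[:space:]]*,[[:space:]]*/,/g; s/[[:space:]]*=[[:space:]]*/=/g'
}

# Return 0 if DN $1 is equal to, or subordinate to, suffix $2.
# The subordinate test requires a ',' right before the suffix, so
# "xcn=users,dc=support,dc=com" is not treated as under "cn=users,...".
dn_under_suffix() {
    dn=$(norm_dn "$1")
    sfx=$(norm_dn "$2")
    [ "$dn" = "$sfx" ] && return 0
    case "$dn" in
        *",$sfx") return 0 ;;
    esac
    return 1
}

# Read root DSE output in LDIF form on stdin and print every advertised
# namingContexts value that covers base $1 (prints nothing if none does).
covering_context() {
    base=$1
    sed -n 's/^namingContexts: //p' | while IFS= read -r ctx; do
        if dn_under_suffix "$base" "$ctx"; then
            printf '%s\n' "$ctx"
        fi
    done
}

# Constructed root DSE output, shaped like what
#   ldapsearch -x -LLL -H ldap://slapd.example.com -s base -b '' namingContexts
# prints when the local DIT and the proxied AD suffix are both configured.
SAMPLE_ROOT_DSE='dn:
namingContexts: dc=example,dc=com
namingContexts: cn=users,dc=support,dc=com
'

# Offline run against the constructed sample.
printf '%s' "$SAMPLE_ROOT_DSE" | covering_context 'CN=Users,DC=support,DC=com'

# Against the real proxy host (not executed here), pipe the live root DSE in:
#   ldapsearch -x -LLL -H ldap://slapd.example.com -s base -b '' namingContexts \
#       | covering_context 'cn=users,dc=support,dc=com'
# An empty result means slapd is not serving the AD suffix at all, so the
# "No such object" is coming from slapd itself rather than from AD.
```

If the suffix is missing from the root DSE, the next thing to read is cn=config itself (with the root credentials for that database), to confirm that `olcDatabase={2}ldap` was really created and that `back_ldap` loaded; if the suffix is present, the problem lies in how the proxied search or bind is forwarded, and slapd's debug output (`slapd -d stats`) shows what is sent to AD.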