Bogdan B. Rudas wrote:
Hello.
I use OpenLDAP as a proxy for M$ AD. The problem is: I can set a filter only by some fields like CN or Name. I can't query AD by sAMAccountName via the proxy. Also I can't see many AD-specific fields while browsing AD via the OpenLDAP proxy.
Request to proxy:
ldapsearch -M -LLL -H ldap://localhost:389 -x -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password -x -b "dc=domain,dc=company,dc=com" '(sAMAccountName=bogdan.rudas)' sAMAccountName
Returns nothing.
Request directly to AD LDAP:
ldapsearch -M -LLL -H ldap://ADserver.domain.company.com:1234 -x -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password -x -b "dc=domain,dc=company,dc=com" '(sAMAccountName=bogdan.rudas)' cn
Returns:
dn: CN=Bogdan Rudas.......skipped....
cn: Bogdan Rudas
Yet another request to proxy:
ldapsearch -M -LLL -H ldap://ADserver.domain.company.com:1234 -x -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password -x -b "dc=domain,dc=company,dc=com" '(name=Bogdan Rudas)' cn sAMAccountName
dn: cn=Bogdan Rudas.......skip.....
cn: Bogdan Rudas
SAMACCOUNTNAME: bogdan.rudas
slapd version 2.4.11-1, running on Debian 5.0 amd64.
OpenLDAP config:
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_ldap

access to dn.base="" by * read
access to * by self read by users read by anonymous auth

loglevel        256

######################################################
# database definitions
######################################################

database        ldap
suffix          "dc=intra,dc=nival,dc=com"
uri             "ldap://ADserver.domain.company.com:1234"
acl-bind        bindmethod=simple binddn="cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" credentials=password
chase-referrals yes
Your proxy knows nothing about those schema items, that's why they are ignored by slapd. You need to extract that information from AD, format it according to slapd's syntax for the "attributeType" and "objectClass" keywords in slapd.conf(5) and pre-load them much like you do with other schema items (the "include <file>.schema" lines above).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
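The conversion Pierangelo describes, as an added example that is not part of the thread and not OpenLDAP's own tooling: read the attributeSchema entries that AD publishes under its schema naming context and render each one as a slapd.conf "attributetype" definition, ready to be put in a file and pulled in with an "include" line placed before the "database ldap" section. The LDIF below is constructed by hand from well-known AD schema values (sAMAccountName, userAccountControl, member, wellKnownObjects); in practice it comes from an ldapsearch against CN=Schema,CN=Configuration,... with a filter of (objectClass=attributeSchema), as shown in the comment. The syntax table and the list of attributes slapd already defines are assumptions covering a small subset; entries that fall outside the table are emitted as comments rather than guessed, and attributes already provided by core.schema, cosine.schema or inetorgperson.schema (such as member) are skipped, because defining them a second time makes slapd refuse to start.

```python
import base64

# Added example, not code from the thread or from OpenLDAP. Input is what
# this search returns when run against the real AD (credentials elided):
#   ldapsearch -x -LLL -H ldap://ADserver.domain.company.com:1234 \
#     -D "cn=aduser,ou=allusers,ou=itdep,dc=domain,dc=company,dc=com" -w password \
#     -b "CN=Schema,CN=Configuration,dc=domain,dc=company,dc=com" \
#     "(objectClass=attributeSchema)" \
#     lDAPDisplayName attributeID attributeSyntax oMSyntax isSingleValued

# AD attributeSyntax OID -> (LDAP syntax OID, EQUALITY rule, SUBSTR rule).
# Assumption: a commonly needed subset; anything missing is reported, not guessed.
SYNTAX_MAP = {
    "2.5.5.1":  ("1.3.6.1.4.1.1466.115.121.1.12", "distinguishedNameMatch", None),
    "2.5.5.8":  ("1.3.6.1.4.1.1466.115.121.1.7",  "booleanMatch", None),
    "2.5.5.9":  ("1.3.6.1.4.1.1466.115.121.1.27", "integerMatch", None),
    "2.5.5.10": ("1.3.6.1.4.1.1466.115.121.1.40", "octetStringMatch", None),
    "2.5.5.11": ("1.3.6.1.4.1.1466.115.121.1.24", "generalizedTimeMatch", None),
    "2.5.5.12": ("1.3.6.1.4.1.1466.115.121.1.15", "caseIgnoreMatch", "caseIgnoreSubstringsMatch"),
    "2.5.5.16": ("1.3.6.1.4.1.1466.115.121.1.27", "integerMatch", None),
    "2.5.5.17": ("1.3.6.1.4.1.1466.115.121.1.40", "octetStringMatch", None),
}

# Attributes the included core/cosine/inetorgperson schemas already define;
# redefining them yields "Duplicate attributeType" at startup. Assumed subset.
ALREADY_DEFINED = {"cn", "sn", "name", "description", "member", "mail",
                   "displayName", "objectClass", "ou", "o", "uid"}

# Constructed sample, values taken from well-known AD schema entries.
SAMPLE_LDIF = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,dc=domain,dc=company,dc=com
lDAPDisplayName: sAMAccountName
attributeID: 1.2.840.113556.1.4.221
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE

dn: CN=User-Account-Control,CN=Schema,CN=Configuration,dc=domain,dc=company,dc=com
lDAPDisplayName: userAccountControl
attributeID: 1.2.840.113556.1.4.8
attributeSyntax: 2.5.5.9
oMSyntax: 2
isSingleValued: TRUE

dn: CN=Member,CN=Schema,CN=Configuration,dc=domain,dc=company,dc=com
lDAPDisplayName: member
attributeID: 2.5.4.31
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: FALSE

dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,dc=domain,dc=company,dc=com
lDAPDisplayName: wellKnownObjects
attributeID: 1.2.840.113556.1.4.1345
attributeSyntax: 2.5.5.7
oMSyntax: 127
isSingleValued: FALSE
"""


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' base64
    values, and returns one {attribute: [values]} dict per entry."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:      # folded continuation line
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:                  # trailing "" flushes the last entry
        if line == "":
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                 # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    return entries


def to_attributetype(entry):
    """Render one attributeSchema entry as a slapd 'attributetype' definition.
    Returns None for attributes slapd already knows, and a comment line for
    syntaxes outside SYNTAX_MAP so nothing wrong is loaded silently."""
    name = entry["lDAPDisplayName"][0]
    oid = entry["attributeID"][0]
    ad_syntax = entry["attributeSyntax"][0]
    if name.lower() in {n.lower() for n in ALREADY_DEFINED}:
        return None
    mapping = SYNTAX_MAP.get(ad_syntax)
    if mapping is None:
        return f"# skipped {name} ({oid}): unmapped attributeSyntax {ad_syntax}"
    syntax, equality, substr = mapping
    single = entry.get("isSingleValued", ["FALSE"])[0].upper() == "TRUE"
    lines = [f"attributetype ( {oid} NAME '{name}'", f"    EQUALITY {equality}"]
    if substr:
        lines.append(f"    SUBSTR {substr}")
    lines.append(f"    SYNTAX {syntax}{' SINGLE-VALUE' if single else ''} )")
    return "\n".join(lines)


def generate_schema(ldif_text):
    """Convert a whole attributeSchema LDIF dump into schema-file text."""
    out = []
    for entry in parse_ldif(ldif_text):
        if "attributeID" not in entry:            # not an attributeSchema entry
            continue
        rendered = to_attributetype(entry)
        if rendered:
            out.append(rendered)
    return "\n\n".join(out) + "\n"


if __name__ == "__main__":
    print(generate_schema(SAMPLE_LDIF))
```

Write the output to something like /etc/ldap/schema/ad.schema and add "include /etc/ldap/schema/ad.schema" after the inetorgperson include; the objectClass side (an "objectclass" definition for AD's "user" class listing these attributes as MAY) is the same exercise against the classSchema entries. After restarting slapd, the (sAMAccountName=...) filter is recognised and forwarded instead of being treated as an unknown attribute.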