On Thu, 07 Jun 2012 22:14:37 +0200, Smarti9@gmx.de wrote:
Hi everybody,
I'm quite new to openldap and I'm currently trying to find a solution for the following problem:
To populate an address book I need to read users and some attributes from an Active Directory. I need to map several attributes to a new attribute name. More important is to filter on active users and skip the disabled ones. My address book application is not able to do this, it can simply query the whole AD.
My idea was to use openldap as some kind of proxy between the application and the AD. I've set up openldap with the following configuration:
    database         ldap
    suffix           "dc=xxxx,dc=local"
    uri              "ldap://192.168.50.1"
    rebind-as-user
    protocol-version 3
    overlay          rwm
    rwm-map          attribute uid samaccountname
    rwm-map          attribute address street
This works perfectly for getting the data out of the AD and remapping the attribute names. Unfortunately I wasn't able to restrict the results to active users. The query string which does this looks like this:
"(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
Can anyone please point me in the right direction on how I can set this as a filter towards the AD, so that only the results matching this filter come back?
man slapo-rwm(5); define a rewrite context based on searchFilter.
-Dieter
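The searchFilter rewrite context Dieter refers to, written out as an added example (this config was not posted by either participant in the thread). It keeps the original poster's suffix, uri and rwm-map directives and adds the rewrite section described in slapo-rwm(5). The rule captures the whole filter the client sent as %1 and wraps it in an AND with the "enabled user" restriction from the question, so the AD only ever sees the combined filter. The directive names carry the rwm- prefix as documented in slapo-rwm(5); the trailing ":" flag string is the man page's default action and should be checked against the installed version's man page.

```conf
# slapd.conf fragment: back-ldap proxy to AD with slapo-rwm (added example)
database         ldap
suffix           "dc=xxxx,dc=local"
uri              "ldap://192.168.50.1"
rebind-as-user
protocol-version 3

overlay          rwm
# Attribute name mapping from the original post (virtual name -> AD name)
rwm-map          attribute uid samaccountname
rwm-map          attribute address street

# Enable the rewrite engine and define a context for search filters only;
# DNs and other contexts are left untouched.
rwm-rewriteEngine  on
rwm-rewriteContext searchFilter
# Whatever filter the client sent is matched by ^(.*)$ and available as %1.
# It is ANDed with: object is a user AND the ACCOUNTDISABLE bit (2) of
# userAccountControl is NOT set (1.2.840.113556.1.4.803 is the AD bitwise-AND
# matching rule, as in the original poster's filter).
rwm-rewriteRule  "^(.*)$" "(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))%1)" ":"
```

To check it, run an ldapsearch against the proxy for the samaccountname of an account you know is disabled in AD; it should no longer be returned, while an enabled account still is. If it still comes back, run slapd with -d filter (or -d stats) and compare the filter the client sent with what slapd forwards: the extensible-match part has to reach the AD intact rather than being rejected on the proxy side, so verifying the forwarded filter in the log is worth the minute it takes.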