Jonathan van der Wat wrote:
I'm new to OpenLDAP and am trying to implement the following:
User authentication (PAM + SSSD) on CentOS Linux servers via OpenLDAP proxy to Active Directory. I am able to perform the following search from the OpenLDAP proxy without any apparent issues:
[root@openldap ~]# ldapsearch -x -h mydomaincontroller -LLL -b dc=msad,dc=inet,dc=com -D cn=ldap,cn=users,dc=msad,dc=inet,dc=com -W '(sAMAccountName=jonathanv)' cn sAMAccountName
Enter LDAP Password:
dn: CN=jonathan,CN=Users,DC=msad,DC=inet,DC=com
cn: jonathan
sAMAccountName: jonathanv

# refldap://ForestDnsZones.msad.inet.com/DC=ForestDnsZones,DC=msad,DC=inet,DC=com
# refldap://DomainDnsZones.msad.inet.com/DC=DomainDnsZones,DC=msad,DC=inet,DC=com
# refldap://msad.inet.com/CN=Configuration,DC=msad,DC=inet,DC=com
However, when asking the OpenLDAP proxy:
[root@openldap ~]# ldapsearch -x -h localhost -LLL -b dc=msad,dc=inet,dc=com -D cn=ldap,cn=users,dc=msad,dc=inet,dc=com -W '(sAMAccountName=jonathanv)' cn sAMAccountName
Enter LDAP Password:
# refldap://ForestDnsZones.msad.inet.com/DC=ForestDnsZones,DC=msad,DC=inet,DC=com
# refldap://DomainDnsZones.msad.inet.com/DC=DomainDnsZones,DC=msad,DC=inet,DC=com
# refldap://msad.inet.com/CN=Configuration,DC=msad,DC=inet,DC=com
Have a look in the proxy log. I guess you did not add the attribute type description for sAMAccountName to the proxy's schema.
Ciao, Michael.
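The point Michael makes is that slapd validates search filters against its own schema before passing them to the backend, so an attribute the proxy does not know is treated as undefined and matches nothing, which is why only the referrals come back. The fragment below is an added illustration, not part of this thread or of the OpenLDAP distribution: a minimal attributetype definition for sAMAccountName in slapd.conf syntax (the OID 1.2.840.113556.1.4.221 and the DirectoryString syntax are the ones Active Directory publishes for this attribute), together with the checks used to confirm the proxy has picked it up. The file name microsoft-min.schema and the assumed include location are placeholders.

```conf
# /etc/openldap/schema/microsoft-min.schema (assumed path, example only)
#
# Minimal attribute type description so the proxy understands
# filters such as (sAMAccountName=jonathanv). Without it, slapd logs
# the filter as (?=undefined) and returns no entries, only referrals.
attributetype ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    DESC 'AD logon name (pre-Windows 2000)'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

# In slapd.conf on the proxy, after the core schema include lines:
#   include /etc/openldap/schema/microsoft-min.schema
#
# Verification after restarting slapd, run on the proxy host:
#
# 1. The proxy's subschema must now advertise the attribute:
#   ldapsearch -x -h localhost -LLL -s base -b cn=subschema attributeTypes \
#       | grep -i sAMAccountName
#
# 2. With loglevel stats (256) enabled, the log line for the search should
#    show filter="(sAMAccountName=jonathanv)" rather than filter="(?=undefined)".
```

If the proxy also needs to return or filter on other AD-specific attributes (userPrincipalName, memberOf, objectSid and so on), each of them needs a corresponding definition in the proxy schema for the same reason; PAM/SSSD lookups typically use several of them, so the `(?=undefined)` log symptom is worth checking per attribute rather than once.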