Hi,
I'm hoping someone can help me out on this. At the moment I have this setup:
database ldap suffix "ou=foo.com,o=mail" uri "ldap://4.4.4.4:389/" rootdn "cn=Overlord,dc=foo,dc=com"
idassert-bind bindmethod=simple binddn="cn=BAR LDAP Proxy Account,cn=Users,dc=bar,dc=local" credentials="w00tz0r" mode=none flags=override,prescriptive
rebind-as-user yes
overlay rwm rwm-suffixmassage "dc=bar,dc=local"
rwm-map attribute proxyAddresses * rwm-map attribute sAMAccountName * rwm-map attribute cn * rwm-map attribute givenName * rwm-map attribute mail * rwm-map attribute sn * rwm-map attribute *
4.4.4.4 is an Active Directory server.
This seems to work fine for simple searches and the like again ou=foo.com,o=mail, however I need to setup an application against it. The way the application works for authentication is it uses an openldap service account, finds the user's email address in the directory via proxy, then tries to rebind as that user to the directory via proxy.
I'm imagining this setup doesn't work because of the service account handling the bind for the actual directory search transparently, you can't just bind as a user through it. (specifically, I get inappropriateAuthentication/error code 48)
Is there a way to implement what I need?
Thanks for any help in advance.
-Chris
openldap-technical@openldap.org