Pierangelo Masarati [masarati@aero.polimi.it] kirjoitti:
Ok, thanks for the clarification. I guess that my goal to have an Active Directory proxied properly is not going to happen. I would need a complete AD schema for OpenLDAP, and that's probably now available anywhere.
Well, this may not be entirely true, although I'm not 100% sure this works as intended in your case. In fact, slapd is relatively picky about knowing a definition of entities it needs to use. In your case, the objectClass you're using in the filter, and any attribute you may use in a filter. However, as soon as data whose definition is not known are returned by a proxy, slapd can live with them under the assumption they won't be used for anything special. So if you search an entry
dn: cn=Some Name,dc=some,dc=org objectClass: fancyObject cn: Some Name fancyAttr: fancy stuff
using the objectClass or fancyAttr in the filter, they need to be known by slapd; however, if you just search for anything below dc=some,dc=org, and that entry is returned by the proxy, slapd will record fancyObject and fancyAttr for future reference, although in a non-persistent manner (the next time you start slapd you'll need it to learn again about their existence).
p.
openldap-technical@openldap.org
-
masarati@aero.polimi.it -
Petteri Heinonen