Dear group,

I would like to ask you for a little help with a newbie's first immersion into LDAP. The problem is that I need to build an LDAP proxy that will connect information from two MS ADs into one meta LDAP. But all the beginners' tutorials start from building a new, fresh LDAP database on the server, so it's very hard for me to catch the first clues...

My situation: Debian with OpenLDAP and two Microsoft Win2008 servers with AD. The commands from the Linux server:

    ldapsearch -x -H ldap://192.168.0.10 -D "ldap-user" -w password -b "ou=studenti,dc=student,dc=intra"

and

    ldapsearch -x -H ldap://192.168.100.5 -D "ldap-user" -w password -b "dc=panska,dc=intra"

are fully functional and return the results I need.

But when I try to configure the OpenLDAP server just to play the role of a proxy between the client and the AD server, it does not work and I cannot find out why. One of my attempts to set ldap.conf:

    loglevel 255
    database ldap
    suffix "ou=studenti,dc=student,dc=intra"
    uri "ldap://192.168.0.10/"
    binddn "name=ldap-user"
    bindpw password

I'm testing the functionality with the command:

    ldapsearch -x -H ldap://localhost -D "ldap-user" -w password -b "ou=studenti,dc=student,dc=intra"

or

    ldapsearch -x -H ldap://localhost "ou=studenti,dc=student,dc=intra"

Could somebody give me a tip on how to set ldap.conf to do just this simple proxying for the beginning? How can I track what is going on: whether OpenLDAP at least tries to send something to the MS AD server and, if so, what the structure of its query is (loglevel 255 doesn't seem to be very helpful)?

Sorry for that newbie type of question, and thanks in advance for any info.

Jakub

On 05/03/13 12:17 +0000, Šerých Jakub wrote:
> Dear group,
>
> I would like to ask you for a little help with a newbie's first immersion into LDAP. The problem is that I need to build an LDAP proxy that will connect information from two MS ADs into one meta LDAP. But all the beginners' tutorials start from building a new, fresh LDAP database on the server, so it's very hard for me to catch the first clues...
>
> My situation: Debian with OpenLDAP and two Microsoft Win2008 servers with AD. The commands from the Linux server:
>
>     ldapsearch -x -H ldap://192.168.0.10 -D "ldap-user" -w password -b "ou=studenti,dc=student,dc=intra"
>
> and
>
>     ldapsearch -x -H ldap://192.168.100.5 -D "ldap-user" -w password -b "dc=panska,dc=intra"
>
> are fully functional and return the results I need.
>
> But when I try to configure the OpenLDAP server just to play the role of a proxy between the client and the AD server, it does not work and I cannot find out why. One of my attempts to set ldap.conf:
>
>     loglevel 255
>     database ldap
>     suffix "ou=studenti,dc=student,dc=intra"
>     uri "ldap://192.168.0.10/"
>     binddn "name=ldap-user"
>     bindpw password

Your binddn does not match your -D option above. Regardless, ldap.conf is the wrong configuration file to configure slapd with. ldap.conf is used to configure the openldap client libraries and utilities (such as ldapsearch).

See the OpenLDAP Administrator's Guide for configuration details, specifically Chapters 5 and 11 (11.2).

Also, you can type 'apropos slap' to see a list of slapd-related man pages.
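
A minimal slapd.conf for the two-AD proxy discussed in this thread, added here as an example; it is not from either poster or from the OpenLDAP project. The file name, the Debian module and schema paths, the test port 3890 and the bind-DN placeholder are assumptions; the suffixes and server addresses are the ones given in the original message.

```conf
# proxy-slapd.conf: configuration for the slapd server. ldap.conf only
# configures client tools such as ldapsearch and is never read for this.
# Assumed: this file name, the Debian paths below, and test port 3890.
#
# Syntax check:
#   slaptest -u -f proxy-slapd.conf
# Run in the foreground, logging each bind and search the proxy receives:
#   slapd -d 256 -f proxy-slapd.conf -h ldap://127.0.0.1:3890/

include     /etc/ldap/schema/core.schema
modulepath  /usr/lib/ldap
moduleload  back_ldap

# First AD: requests under this suffix are forwarded to 192.168.0.10.
database        ldap
suffix          "ou=studenti,dc=student,dc=intra"
uri             "ldap://192.168.0.10/"
# Hand referrals from AD back to the client instead of following them.
chase-referrals no
# If the proxy has to reconnect, reuse the credentials the client sent.
rebind-as-user  yes

# Second AD: same pattern with its own suffix and server.
database        ldap
suffix          "dc=panska,dc=intra"
uri             "ldap://192.168.100.5/"
chase-referrals no
rebind-as-user  yes

# No service-account password is stored here: each client bind is passed
# through to the AD that owns the suffix, so AD still decides who may read.
#
# slapd parses the bind name as a DN, so the bare "ldap-user" that AD
# accepts directly is rejected by the proxy. Bind with the account's full
# DN (placeholder below) and let -W prompt for the password:
#   ldapsearch -x -H ldap://127.0.0.1:3890 \
#     -D "<full DN of ldap-user>" -W \
#     -b "ou=studenti,dc=student,dc=intra"
#
# Simple binds over ldap:// carry the password in cleartext on both hops
# (client to proxy, proxy to AD). Keep this to a trusted test network and
# move to TLS before real accounts are used.
```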