On 21/08/2017 at 16:51, Palacios, Christian wrote:
We need to find out if OpenLDAP will allow us to use it as a proxy so
it can retrieve users from three different Windows Active Directory
Domains. These three domains do not have any similar users. The user
retrieval process needs to work like this:
-The application that needs this LDAP connection will point to the
OpenLDAP server using an LDAP address such as
-This application will also need to retrieve the sAMAccountName from
each user retrieved via the OpenLDAP server
-The application’s LDAP connection settings also need to specify an
Administrator’s DN and password, but I’m confused about this because I
don’t know what Administrator account to use. Like I said, each
domain has its own set of users, so they don’t have any Administrator
accounts in common. How would this work?
If you need any more information, please let me know!!
I am implementing such a service for a customer right now.
You need to use OpenLDAP back-meta and define a uri parameter for each
AD. In this uri parameter, you will be able to set which account is used
to request AD.
Here is a very simple configuration sample:
# suffixmassage <virtual naming context> <real naming context>:
# rewrite the DN suffix seen by the application into the AD suffix and back
suffixmassage dc=ad1,dc=example,dc=com dc=acme,dc=com
# present the AD attribute sAMAccountName under the local name uid
rwm-map attribute uid sAMAccountName
# pass every other attribute through unchanged
rwm-map attribute * *
You can also find some hints on back-meta configuration on this page:
OpenLDAP manpage: man slapd-meta
Another solution is to create a central LDAP Directory by synchronizing
data from all AD into it. The LSC project can help you to do that:
Hope it helps,
Free software consultant, infrastructure and security expert
137 boulevard de Magenta - 75010 PARIS
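A fuller slapd.conf fragment along the lines of the sample above, added here as an example and not taken from the original thread, showing how three AD domains fit into one back-meta database and which account the application actually binds with. Hostnames, DNs and passwords are placeholders; it assumes each domain has a dedicated read-only service account for the proxy.

```conf
# Example slapd.conf fragment (placeholders throughout): one back-meta database
# that proxies three unrelated AD domains under a single virtual suffix.
# Assumes the schema and, if built as modules, back_meta.la / rwm.la are loaded above.

database        meta
suffix          "dc=acme,dc=com"
# This rootdn is the "Administrator DN" the application configures: it exists
# only on the proxy and is unrelated to any AD administrator account.
rootdn          "cn=proxy-admin,dc=acme,dc=com"
rootpw          "{SSHA}REPLACE-WITH-slappasswd-OUTPUT"
# AD answers subtree searches with referrals to other partitions; do not follow them.
chase-referrals no

# ---- Target 1: dc=ad1,dc=example,dc=com -------------------------------------
# The naming context in the URI is the *virtual* one, beneath the suffix.
# ldaps:// keeps the service-account credentials off the wire in clear text.
uri             "ldaps://dc1.ad1.example.com/ou=ad1,dc=acme,dc=com"
# suffixmassage <virtual naming context> <real naming context>
suffixmassage   "ou=ad1,dc=acme,dc=com" "dc=ad1,dc=example,dc=com"
# Account the proxy uses toward this domain: a read-only service account, not a
# Domain Admin. mode=none: every search runs as this account (AD does not
# support the proxyAuthz control that the legacy mode would send).
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,cn=Users,dc=ad1,dc=example,dc=com"
                credentials="AD1-SERVICE-ACCOUNT-PASSWORD"
                mode=none
# Let any identity bound on the proxy use the asserted binding above.
idassert-authzFrom "*"
# The application reads uid; the proxy fetches sAMAccountName behind it.
rwm-map         attribute uid sAMAccountName
rwm-map         attribute * *

# ---- Target 2: dc=ad2,dc=example,dc=com (own service account) ---------------
uri             "ldaps://dc1.ad2.example.com/ou=ad2,dc=acme,dc=com"
suffixmassage   "ou=ad2,dc=acme,dc=com" "dc=ad2,dc=example,dc=com"
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,cn=Users,dc=ad2,dc=example,dc=com"
                credentials="AD2-SERVICE-ACCOUNT-PASSWORD"
                mode=none
idassert-authzFrom "*"
rwm-map         attribute uid sAMAccountName
rwm-map         attribute * *

# ---- Target 3: dc=ad3,dc=example,dc=com (own service account) ---------------
uri             "ldaps://dc1.ad3.example.com/ou=ad3,dc=acme,dc=com"
suffixmassage   "ou=ad3,dc=acme,dc=com" "dc=ad3,dc=example,dc=com"
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,cn=Users,dc=ad3,dc=example,dc=com"
                credentials="AD3-SERVICE-ACCOUNT-PASSWORD"
                mode=none
idassert-authzFrom "*"
rwm-map         attribute uid sAMAccountName
rwm-map         attribute * *
```

A search for (uid=jdoe) with base dc=acme,dc=com is fanned out to all three domains, each queried with its own service account, and the entries come back rewritten under ou=adN,dc=acme,dc=com; the per-domain passwords live only in this file, so restrict its permissions to the slapd user.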