I've configured an ldap database in slapd.conf which serves as a
Directory proxy; the slapd is running on RHEL 6. My Linux openldap
clients can now browse the content of the AD. The purpose of doing this
is for user login, which is authenticated against the AD, with the home
directory information provided by the bdb database of the openldap
server. autofs is functional through the rfc2307bis formatted automount
maps. The problem is that "getent passwd username" does not always work, so
the AD users are not known even though ldapsearch can always find the
user information with a proper search base set.
At the slapd server (rhel 6), nslcd (try to avoid ssl at this stage) is
being used, while at the Linux openldap clients, I compiled pam_ldap and
pam_ldap/nss_ldap are long since abandoned/unsupported. You should use
I noticed that the openldap clients use
/etc/openldap/ldap.conf as the configuration file, and nss/pam use
/etc/ldap.conf. Tried to use different BASE in the two conf files but it
didn't work for me.
I know there must be other people who've already done this some way,
and I'd very much appreciate it if somebody can point me to some
known-to-work ways.
Easiest is to use a single database backend with the pbind overlay, if
the only thing you need from the remote server is authentication.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
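To make the suggested layout concrete, here is a slapd.conf sketch of a single local database with slapo-pbind in front of it. This is an added example, not a configuration from the thread or from the OpenLDAP project; the suffix, the AD hostname and the assumption that the local user DNs are ones the AD will accept for a simple bind are all placeholders/assumptions.

```conf
# slapd.conf fragment (added example, not from the original thread)
#
# Design: one local database holds the posixAccount / automount entries
# (uid, uidNumber, homeDirectory, ...) that nss/getent and autofs need,
# so lookups are always answered locally and never depend on the AD.
# Only the Simple Bind (the PAM password check) is forwarded to the AD
# by the pbind overlay; no user data is proxied or stored twice.

include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/nis.schema      # posixAccount, shadowAccount
include   /etc/openldap/schema/rfc2307bis.schema   # automount maps (assumed path)

database  bdb
suffix    "dc=example,dc=com"                  # assumed suffix
rootdn    "cn=Manager,dc=example,dc=com"
directory /var/lib/ldap
index     objectClass eq
index     uid,uidNumber,gidNumber,memberUid eq  # what nss_ldap/nslcd searches on

# Forward Simple Binds to the AD; everything else (searches, compares)
# is served from the local bdb database above.
overlay   pbind
uri       ldap://ad.example.com                 # assumed AD hostname
network-timeout 5                               # fail fast if the AD is unreachable

# Caveat (assumption): the bind DN the client presents is forwarded as-is,
# so each local entry's DN must be one the AD can authenticate.
```

With this layout, "getent passwd username" is answered purely from the local database, so its intermittent failures no longer depend on the proxied AD connection.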