I'm trying to configure a third party product to obtain the list of valid
users based on a group membership in a corporate active directory server.
The third party product is not capable of querying for users based on group
membership. It can only use an OU or objectClass. The corporate AD server
has a very broad "All Users" OU and we can't add an OU or objectClass to AD
I would like to configure an OpenLDAP proxy using that can dynamically
create an OU by querying the members of a group. Is this possible using
overlays? Another possibility is that try to synchronize OpenLDAP with AD
based on a filter that includes membership in only one group. Would either
of these methods work or is there another solution I haven't mentioned?
Show replies by date