Hello everyone,

I am struggling to make an openldap/meta configuration work. I have two Active Directory domains/servers:

  dc=mysite,dc=com
  dc=other,dc=mysite,dc=com

My goal is to integrate both domains with an application that can integrate with a SINGLE LDAP source for user authentication. I'd like to build an openldap meta/proxy to build a virtual tree with:

  mysite.com (empty)
  --- ou=virtual,dc=mysite,dc=com
  --- ou=other,dc=mysite,dc=com

I'm working with this configuration:

  database meta
  suffix "dc=mysite,dc=com"
  ..
  uri "ldap://SRV-xxxxxx/ou=virtual,dc=mysite,dc=com"
  readonly yes
  lastmod off
  suffixmassage "ou=virtual,dc=mysite,dc=com" "dc=mysite,dc=com"

  uri "ldap://SRV-yyyy/ou=other,dc=mysite,dc=com"
  readonly yes
  lastmod off
  suffixmassage "ou=other,dc=mysite,dc=com" "dc=other,dc=mysite,dc=com"

The LDAP tree is accessible but the group membership is wrong: the value of the memberof attribute for every user still has the original value, not the remapped value. For example:

  cn=user,ou=someou,dc=mysite,dc=com
  cn=somegroup,ou=groups,dc=mysite,dc=com

are seen by the client as

  cn=user,ou=someou,ou=virtual,dc=mysite,dc=com
  cn=somegroup,ou=groups,ou=virtual,dc=mysite,dc=com

but the memberof attribute of user.someou.mysite.com is

  cn=somegroup,ou=groups,dc=mysite,dc=com

I expect it to be

  memberof=cn=somegroup,ou=groups,ou=virtual,dc=mysite,dc=com

Can someone advise if this is the correct way to address this problem? Can someone point me to the proper documentation?

Thank you
Marco

Hello again,

can anyone share some advice?

Thank you
Marco

On Tue, 21 Sep 2021 at 16:25, Marco Baiguera <ing.baiguera@gmail.com> wrote:
openldap-technical@openldap.org
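
Added example, not part of the original message and not OpenLDAP code: a Python check that models the two suffixmassage rules from the post and flags DN-valued attribute values (such as memberof) that a proxied entry still carries outside the virtual tree, together with the remapped value the poster expects. The function names, the dc=mysite,dc=com spelling of the suffixes and the sample entry are assumptions constructed for illustration.

```python
import re

# Assumed rules, modelled on the post: (virtual suffix, real backend suffix).
RULES = [
    ("ou=virtual,dc=mysite,dc=com", "dc=mysite,dc=com"),
    ("ou=other,dc=mysite,dc=com", "dc=other,dc=mysite,dc=com"),
]

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (an escaped \\, stays inside its RDN)."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def norm(rdn):
    """Case- and whitespace-insensitive form of one RDN, used for comparison only."""
    attr, _, val = rdn.partition("=")
    return f"{attr.strip().lower()}={val.strip().lower()}"

def ends_with(dn, suffix):
    keys = [norm(p) for p in split_dn(dn)]
    tail = [norm(p) for p in split_dn(suffix)]
    return len(keys) >= len(tail) and keys[-len(tail):] == tail

def massage(dn, rules=RULES):
    """Map a backend DN into the virtual tree; None if no real suffix matches."""
    parts = split_dn(dn)
    # Longest real suffix first, so dc=other,dc=mysite,dc=com wins over dc=mysite,dc=com.
    for virt, real in sorted(rules, key=lambda r: -len(split_dn(r[1]))):
        if ends_with(dn, real):
            keep = len(parts) - len(split_dn(real))
            return ",".join(parts[:keep] + split_dn(virt))
    return None

def unmapped_values(entry, dn_attrs=("memberof",), rules=RULES):
    """List (attr, value_seen, value_expected) for DN values left outside the virtual tree."""
    findings = []
    for attr, values in entry.items():
        if attr.lower() not in dn_attrs:
            continue
        for value in values:
            if not any(ends_with(value, virt) for virt, _ in rules):
                findings.append((attr, value, massage(value, rules)))
    return findings

# Constructed sample: an entry as the client sees it through the proxy.
ENTRY = {
    "dn": ["cn=user,ou=someou,ou=virtual,dc=mysite,dc=com"],
    "memberOf": ["cn=somegroup,ou=groups,dc=mysite,dc=com"],
}

if __name__ == "__main__":
    for attr, seen, expected in unmapped_values(ENTRY):
        print(f"{attr}: {seen} -> expected {expected}")
```

A non-empty result means an application that compares memberof values against group DNs in the virtual tree will not find a match, so group-based access decisions made through the proxy should be tested before relying on them.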