Openldap RWM/AD Bind
Hi,
I'm hoping someone can help me out on this. At the moment I have this
setup:
database ldap
suffix "ou=foo.com,o=mail"
uri "ldap://4.4.4.4:389/"
rootdn "cn=Overlord,dc=foo,dc=com"
idassert-bind bindmethod=simple
    binddn="cn=BAR LDAP Proxy Account,cn=Users,dc=bar,dc=local"
    credentials="w00tz0r"
    mode=none
    flags=override,prescriptive
rebind-as-user yes
overlay rwm
rwm-suffixmassage "dc=bar,dc=local"
rwm-map attribute proxyAddresses *
rwm-map attribute sAMAccountName *
rwm-map attribute cn *
rwm-map attribute givenName *
rwm-map attribute mail *
rwm-map attribute sn *
rwm-map attribute *
4.4.4.4 is an Active Directory server.
This seems to work fine for simple searches and the like against ou=foo.com,o=mail; however, I need to set up an application against it. The way the application works for authentication is that it uses an OpenLDAP service account, finds the user's email address in the directory via the proxy, then tries to rebind as that user to the directory via the proxy.
I'm imagining this setup doesn't work because the service account handles the bind for the actual directory search transparently; you can't just bind as a user through it. (Specifically, I get inappropriateAuthentication / error code 48.)
Is there a way to implement what I need?
Thanks for any help in advance.
-Chris
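As an added example (not part of Chris's post or of OpenLDAP itself), a small Python checker that joins the stanza's slapd.conf continuation lines, parses the idassert-bind options and reports what each setting means for a client that binds with its own DN; the finding texts paraphrase slapd-ldap(5), and the password in the constructed copy of the stanza is a redacted placeholder.

```python
import re

# Constructed copy of the stanza from the post, with the password redacted.
SLAPD_CONF = """\
database ldap
suffix "ou=foo.com,o=mail"
uri "ldap://4.4.4.4:389/"
rootdn "cn=Overlord,dc=foo,dc=com"
idassert-bind bindmethod=simple
    binddn="cn=BAR LDAP Proxy Account,cn=Users,dc=bar,dc=local"
    credentials="<redacted>"
    mode=none
    flags=override,prescriptive
rebind-as-user yes
overlay rwm
rwm-suffixmassage "dc=bar,dc=local"
rwm-map attribute *
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the directive above them."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        elif raw.strip():
            out.append(raw.strip())
    return out

def parse_idassert(line):
    """Turn 'idassert-bind key=value key="quoted value" ...' into a dict."""
    pairs = re.findall(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))', line)
    return {key: quoted or bare for key, quoted, bare in pairs}

def review(text):
    """Findings on how a client's own identity is treated (semantics per slapd-ldap(5))."""
    lines = logical_lines(text)
    ida = next((parse_idassert(l) for l in lines if l.startswith("idassert-bind ")), {})
    flags = set(ida.get("flags", "").split(",")) - {""}
    findings = []
    if "credentials" in ida:
        findings.append("credentials=: proxy-account password stored in clear text in slapd.conf")
    if ida.get("mode") == "none":
        findings.append("mode=none: no proxyAuthz control; proxied operations run as the binddn account")
    if "override" in flags:
        findings.append("flags=override: assertion applies even after the client bound with its own credentials")
    if "prescriptive" in flags:
        findings.append("flags=prescriptive: an identity not allowed by idassert-authzFrom gets inappropriateAuthentication (48)")
    return findings
```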