
ldapsearch query via OpenLDAP proxy to AD






I am trying to query the Active Directory (192.168.1.89) on my network using ldapsearch by way of an OpenLDAP proxy (192.168.1.73) using the following slapd.conf:


*************slapd.conf on 192.168.1.73******************
database        meta
suffix          "dc=corp,dc=mycompany,dc=com"
dncache-ttl     forever
lastmod         off
rootdn         "cn=Administrator,cn=users,dc=corp,dc=mycompany,dc=com"
rootpw          12345678
                                                                               
uri             "ldap://192.168.1.89/cn=users,dc=corp,dc=mycompany,dc=com"
pseudorootdn    "cn=admin2,cn=users,dc=corp,dc=mycompany,dc=com"
pseudorootpw    12345678


When I try this it works (returns results from the AD):
ldapsearch -h 192.168.1.73 -x -D cn=administrator,cn=users,dc=corp,dc=mycompany,dc=com -W -b 'dc=corp,dc=mycompany,dc=com' 'cn=tim*'

When I try this it doesn't return any results at all:
ldapsearch -h 192.168.1.73 -x -b 'dc=corp,dc=mycompany,dc=com' 'cn=tim*'

What should I change in my slapd.conf to make the second query return results? 

In other words, how do I successfully get the back-meta to authenticate properly to the AD?

I have been told (if I understood correctly) that the back-meta with the pseudorootdn parameter will allow this type of proxied authenticated query to work.

