[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap meta + activedirectory



Julien TOUCHE wrote:


has anyone any experience to make openldap connect in meta on an
activedirectory ?

Yes.


what uri/binddn/acl do you use ? which rights on windows domain has bind user ?

URI: ldap:// or ldaps://; the latter may require tweaking OpenLDAP's ldap.conf to provide appropriate CA certificate or to disable CA cert checking as considered appropriate; see ldap.conf(5) for details.
ACL: is up to what further restrictions you want to set on data disclosed by the remote server
binddn: I don't understand what you mean. You need a valid identity to authenticate. If you mean the "BINDDN" directive in ldap.conf(5), that's the default identity you intend to use; but back-meta won't likely work because a password is expected, and none is being provided. If you mean the "binddn" (and "bindpw") directive(s) in slapd-meta(5), that identity is simply used for internal operations, so it has to be a valid identity but it's not going to help in overriding restrictions on anonymous access. If you need to somehow override anonymous access restrictions, I suggest you take a look at the "identity assertion" feature of back-ldap (not released yet; it's been in HEAD code, and documented on the FAQ <http://www.openldap.org/faq/data/cache/532.html> for nearly a year, though).


p.



   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497