
Re: ldap meta + activedirectory



Pierangelo Masarati wrote:

URI: ldap:// or ldaps://; the latter may require tweaking OpenLDAP's
ldap.conf to provide appropriate CA certificate or to disable CA
cert checking as considered appropriate; see ldap.conf(5) for
details.

For example, is this OK?
===
database meta
suffix cn=Users, dc=meta, dc=domain, dc=local
uri ldaps://adserver.domain.local/cn=Users,dc=domain,dc=local \
	ldaps://adserver2.domain.local/cn=Users,dc=domain,dc=local
bindn "cn=proxyuser,cn=Users,dc=domain,dc=local"
bindpw "{MD5}secret"
TLS_REQCERT allow
lastmod off
===
Which rights does the proxy user need to have? Administrators? Or is there
anything more precise?

ACL: is up to what further restrictions you want to set on data disclosed by the remote server

For now, only an authentication server which uses AD, so only name,
username, pw will be used at first glance.

<http://www.openldap.org/faq/data/cache/532.html> for nearly a year,
ok.

thanks
Regards

		Julien