Re: ldap meta + activedirectory

[Julien TOUCHE <julien.touche@lycos.com>]

Pierangelo Masarati a écrit :
> > === 
>> database meta
>> suffix cn=Users, dc=meta, dc=domain, dc=local uri
> > ldaps://adserver.domain.local/cn=Users,dc=domain,dc=local \ 
> > ldaps://adserver2.domain.local/cn=Users,dc=domain,dc=local
>
>
> ^^^ Only the first URI in a URI list must provide the naming context

database ldap
suffix          "dc=domain,dc=local"
uri           ldap://ldap.domain.local/cn=Users,dc=domain,dc=local
suffixmassage "cn=Users,dc=meta,dc=domain,dc=local3"
"cn=Users,dc=domain,dc=local3"
binddn  proxyuser
bindpw  xxx
TLSVerifyClient allow

# /opt/openldap2/libexec/slapd
/opt/openldap2/etc/openldap/slapd.conf: line 81: unable to parse uri
"ldap://ldap.domain.local/cn=Users,dc=domain,dc=local"; in "uri <uri>"
line: URL doesn't begin with "[c]ldap[si]://"

with: uri           ldap://ldap.domain.local
stark ok
but nothing in tree

http://www.openldap.org/lists/openldap-software/200501/msg00573.html
proxyuser exist in windows AD and is in administrator group (not really
best. if someone have more precise config ?)


> I also insist on suggesting back-ldap instead of back-meta unless you
ok, i switch :)

> version of OpenLDAP you're using, so I cannot be more specific on the
latest (2.2.20-stable) on whitebox linux/x86, i'm on test for now.

Regards

		Julien