
Re: ldap meta + activedirectory



Pierangelo Masarati wrote:

===
>> database meta
>> suffix cn=Users, dc=meta, dc=domain, dc=local
>> uri ldaps://adserver.domain.local/cn=Users,dc=domain,dc=local \
>>     ldaps://adserver2.domain.local/cn=Users,dc=domain,dc=local


^^^ Only the first URI in a URI list must provide the naming context

database ldap
suffix "dc=domain,dc=local"
uri ldap://ldap.domain.local/cn=Users,dc=domain,dc=local
suffixmassage "cn=Users,dc=meta,dc=domain,dc=local3" "cn=Users,dc=domain,dc=local3"
binddn proxyuser
bindpw xxx
TLSVerifyClient allow

# /opt/openldap2/libexec/slapd
/opt/openldap2/etc/openldap/slapd.conf: line 81: unable to parse uri
"ldap://ldap.domain.local/cn=Users,dc=domain,dc=local"; in "uri <uri>"
line: URL doesn't begin with "[c]ldap[si]://"

with: uri           ldap://ldap.domain.local
start ok
but nothing in tree

http://www.openldap.org/lists/openldap-software/200501/msg00573.html
proxyuser exists in Windows AD and is in the administrator group (not really
best; if someone has a more precise config?)


I also insist on suggesting back-ldap instead of back-meta unless you

ok, I switch :)

version of OpenLDAP you're using, so I cannot be more specific on the

latest (2.2.20-stable) on whitebox linux/x86, I'm on test for now.

Regards

		Julien
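
Added example (not part of the original message and not OpenLDAP code): a small Python check for the two uri rules seen in this thread, namely that a back-meta URI list carries the naming context on its first URI only, and that back-ldap in the 2.2.20 setup above refused a uri with a DN part. The function names and the SAMPLE config are constructed for illustration, and DNs are assumed to contain no spaces.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the uri directives quoted in this message.
SAMPLE = """\
database meta
uri ldaps://adserver.domain.local/cn=Users,dc=domain,dc=local
  ldaps://adserver2.domain.local/cn=Users,dc=domain,dc=local

database ldap
uri ldap://ldap.domain.local/cn=Users,dc=domain,dc=local
"""

def logical_lines(text):
    """Yield (line_no, tokens); a line starting with whitespace continues the previous directive."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip().rstrip("\\")          # tolerate a trailing backslash
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and buf:
            buf += " " + line.strip()
        else:
            if buf:
                yield start, shlex.split(buf)
            buf, start = line.strip(), no
    if buf:
        yield start, shlex.split(buf)

def has_dn(uri):
    """True when the URI has a non-empty DN (path) component."""
    return urlsplit(uri).path.strip("/") != ""

def lint_proxy_uris(text):
    """Return (line_no, message) for each uri directive that breaks the rules discussed above."""
    findings, backend = [], None
    for no, tok in logical_lines(text):
        key = tok[0].lower()
        if key == "database" and len(tok) > 1:
            backend = tok[1].lower()
        elif key == "uri":
            uris = [u for arg in tok[1:] for u in arg.split()]
            if backend == "meta":
                if uris and not has_dn(uris[0]):
                    findings.append((no, "back-meta: first URI lacks the naming context"))
                findings += [(no, f"back-meta: extra naming context on {u}")
                             for u in uris[1:] if has_dn(u)]
            elif backend == "ldap":
                # Assumption from this thread: back-ldap (2.2.20) refuses a uri with a DN part.
                findings += [(no, f"back-ldap: uri carries a DN: {u}") for u in uris if has_dn(u)]
    return findings
```
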