
userPrincipalName not mapping correctly



After exhausting my efforts, I've given in to asking for help.  I'm
hoping for an ldap God here on the mailing list.  I apologize in
advance if I picked the wrong list to post this question to.

I've got OpenLDAP v. 2.1.30 set up on a Gentoo box.  I've got
everything set up and working correctly except Active Directory
mappings.  NOW .... I realize that this question might get asked a
bit, but I'm really stuck on this.

I've mapped the attributes and objectclasses in
/etc/openldap/slapd.conf like such:

map attribute uid sAMAcountName
map objectclass posixAccount user
map objectclass account user
map attribute cn name
map objectclass posixGroup Group
map attribute mail userPrincipalName

I can use ldapbrowser from a Windows machine and bind against the
server using client auth, and anonymous binding.  If I use ldapbrowser
and do a directory search, it reports no userPrincipalNames or
sAMAccountNames.  It can find the uids and mail information OK.

The reason I'm so concerned is that I've got a server farm of IBM
xSeries servers with the RSA installed.  The IBM RSA will bind four
ways.  Client, Anonymous, userprincipalname, and strict user principal
name.  I need all four to work.

Why aren't my mappings working?

btw, softerra ldap browser rocks!

Jeremy West
--
"I have the heart of a little child, and the brain of a genius.
   ... and I keep them in a jar under my bed"

