authenticate against a meta backend
- To: <openldap-software@OpenLDAP.org>
- Subject: authenticate against a meta backend
- From: "Susegg, Jan" <Jan.Susegg@hint.no>
- Date: Thu, 22 Sep 2005 12:41:47 +0200
I am trying to configure an OpenLDAP server / proxy where I can
authenticate against a meta backend (Active Directory). I have a local
database on the OpenLDAP server:

    database ldbm
    suffix "dc=flux,dc=example,dc=no"

but I want to authenticate against Active Directory:

    database meta
    suffix dc=ad,dc=example,dc=no
    uri ldap://ldapserver.example.no/ou=ansatt,dc=ad,dc=example,dc=no
    suffixmassage ou=ansatt,dc=ad,dc=example,dc=no
        OU=users,OU=org,DC=ansatt,DC=example,DC=no
    map attribute uid sAMAccountname
    map attribute cn name
    map attribute mail userPrincipalName
    map objectclass account user
    map attribute *

Under the OU=users I have several OUs with users. If I search the
specific sub OU I can authenticate:

    ldapsearch -H ldap://localhost/ -x \
        -D "CN=xxx,OU=Levanger,ou=ansatt,dc=ad,dc=example,dc=no" -W -x \
        -b "dc=flux,dc=example,dc=no"

but if I don't specify any sub OU I can't authenticate:

    ldapsearch -H ldap://localhost/ -x \
        -D "CN=xxx,ou=ansatt,dc=ad,dc=example,dc=no" -W -x \
        -b "dc=flux,dc=example,dc=no"

Can anyone tell me how I can authenticate against
OU=users,OU=org,DC=ansatt,DC=example,DC=no that contains several user
OUs?

My slapd.conf looks like this:

    database ldbm
    suffix "dc=flux,dc=example,dc=no"
    rootdn "cn=Manager,dc=flux,dc=example,dc=no"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw xxxxxxx
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /usr/var/openldap-data
    # Indices to maintain
    index cn,sn,uid pres,eq,approx,sub
    index eduPersonPrincipalName pres,eq
    index objectClass eq

    # test proxy against AD:
    database meta
    suffix dc=ad,dc=example,dc=no
    uri ldap://ldapserver.example.no/ou=ansatt,dc=ad,dc=example,dc=no
    suffixmassage ou=ansatt,dc=ad,dc=example,dc=no
        OU=users,OU=org,DC=ansatt,DC=example,DC=no
    map attribute uid sAMAccountname
    map attribute cn name
    map attribute mail userPrincipalName
    map objectclass account user
    map attribute *
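
Added example, not part of the original post and not OpenLDAP code: a small Python model of the suffix rewrite configured by the suffixmassage line above, applied to the two bind DNs from the ldapsearch commands. A simple bind has to name the exact DN of the entry, so the rewritten DN is what the target server looks up; the helper names and the one-entry TARGET_ENTRIES sample are assumptions constructed for illustration.

```python
# Added illustration: models only the DN suffix rewrite that the post's
# suffixmassage line configures; it is not back-meta's implementation.
VIRTUAL = "ou=ansatt,dc=ad,dc=example,dc=no"            # from the post
REAL = "OU=users,OU=org,DC=ansatt,DC=example,DC=no"     # from the post

# Constructed sample of the target directory: the one user entry, located in
# the sub-OU named in the post's working bind DN.
TARGET_ENTRIES = ["CN=xxx,OU=Levanger,OU=users,OU=org,DC=ansatt,DC=example,DC=no"]

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    return [p.lstrip() for p in parts if p.strip()]

def norm(dn):
    """Case-insensitive comparison key for a DN."""
    return [r.lower() for r in split_rdns(dn)]

def massage(dn, virtual=VIRTUAL, real=REAL):
    """Rewrite dn from the virtual to the real suffix; None if outside it."""
    rdns, suffix = split_rdns(dn), norm(virtual)
    keep = len(rdns) - len(suffix)
    if keep < 0 or norm(dn)[keep:] != suffix:
        return None
    return ",".join(rdns[:keep] + split_rdns(real))

def bind_target_exists(bind_dn):
    """True if the rewritten bind DN names an entry in the constructed sample."""
    real_dn = massage(bind_dn)
    return real_dn is not None and norm(real_dn) in [norm(e) for e in TARGET_ENTRIES]

if __name__ == "__main__":
    for dn in ("CN=xxx,OU=Levanger," + VIRTUAL, "CN=xxx," + VIRTUAL,
               "cn=Manager,dc=flux,dc=example,dc=no"):
        print(dn, "->", massage(dn), "| entry exists:", bind_target_exists(dn))
```

The bind DN without the sub-OU rewrites to CN=xxx,OU=users,OU=org,DC=ansatt,DC=example,DC=no, which names no entry in the sample, while the DN that includes OU=Levanger rewrites to the entry's actual location.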