
authenticate against a meta backend
I am trying to configure an openldap server / proxy where I can
authenticate against a meta backend (Active Directory). I have a local
database on the openldap server:
database        ldbm
suffix          "dc=flux,dc=example,dc=no"

but I want to authenticate against Active Directory:

database        meta
suffix          dc=ad,dc=example,dc=no

uri     ldap://ldapserver.example.no/ou=ansatt,dc=ad,dc=example,dc=no
suffixmassage   ou=ansatt,dc=ad,dc=example,dc=no
                OU=users,OU=org,DC=ansatt,DC=example,DC=no

map attribute    uid     sAMAccountname
map attribute    cn      name
map attribute    mail    userPrincipalName
map objectclass  account user
map attribute *


Under the OU=users I have several OUs with users. If I search the
specific sub OU I can authenticate:
ldapsearch -H ldap://localhost/ -x -D
"CN=xxx,OU=Levanger,ou=ansatt,dc=ad,dc=example,dc=no" -W -x -b
"dc=flux,dc=example,dc=no"

but if I don't specify any sub OU I can't authenticate:
ldapsearch -H ldap://localhost/   -x -D
"CN=xxx,ou=ansatt,dc=ad,dc=example,dc=no" -W -x -b
"dc=flux,dc=example,dc=no"

Can anyone tell me how I can authenticate against
OU=users,OU=org,DC=ansatt,DC=example,DC=no, which contains several user
OUs?

My slapd.conf looks like this:

database        ldbm
suffix          "dc=flux,dc=example,dc=no"
 
rootdn          "cn=Manager,dc=flux,dc=example,dc=no"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          xxxxxxx
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/var/openldap-data
# Indices to maintain
index cn,sn,uid pres,eq,approx,sub
index eduPersonPrincipalName pres,eq
index objectClass eq
 
# test proxy against AD:
database        meta
suffix          dc=ad,dc=example,dc=no

uri     ldap://ldapserver.example.no/ou=ansatt,dc=ad,dc=example,dc=no
suffixmassage   ou=ansatt,dc=ad,dc=example,dc=no
                OU=users,OU=org,DC=ansatt,DC=example,DC=no

map attribute    uid     sAMAccountname
map attribute    cn      name
map attribute    mail    userPrincipalName
map objectclass  account user
map attribute *
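As an added illustration (not part of the post above, and not OpenLDAP code), the following Python models what the back-meta `suffixmassage` rule does to a bind DN: it is a purely syntactic rewrite of the suffix, so a bind DN that omits the sub-OU is forwarded to AD as an entry directly under OU=users, which does not exist when users live in per-site OUs. The AD tree below is a constructed stand-in (two sample entries), not real directory data.

```python
import re

# suffixmassage rule as written in the slapd.conf above
VIRTUAL_SUFFIX = "ou=ansatt,dc=ad,dc=example,dc=no"
REAL_SUFFIX = "OU=users,OU=org,DC=ansatt,DC=example,DC=no"

# Split a DN on commas that are not backslash-escaped (e.g. "CN=Doe\, John")
_RDN_SPLIT = re.compile(r"(?<!\\),")


def split_dn(dn):
    """Return the RDN strings of a DN, outermost (suffix) last."""
    return [rdn.strip() for rdn in _RDN_SPLIT.split(dn)]


def _normalise(rdn):
    """Case-fold attribute type and value; DN components here are caseIgnore."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def massage_dn(dn, virtual_suffix=VIRTUAL_SUFFIX, real_suffix=REAL_SUFFIX):
    """Rewrite dn from the proxy's virtual naming context to the AD naming context.

    Returns None when dn is not under the virtual suffix (back-meta would not
    route such a request to this target at all).
    """
    rdns = split_dn(dn)
    virt = split_dn(virtual_suffix)
    if len(rdns) < len(virt):
        return None
    if [_normalise(r) for r in rdns[-len(virt):]] != [_normalise(r) for r in virt]:
        return None
    # Keep the leading RDNs (CN, any sub-OU) untouched; swap only the suffix.
    return ",".join(rdns[:-len(virt)] + split_dn(real_suffix))


# Constructed sample of the AD layout described in the post: users sit in
# per-site OUs beneath OU=users, never directly under it.
AD_ENTRIES = {
    "CN=xxx,OU=Levanger,OU=users,OU=org,DC=ansatt,DC=example,DC=no",
    "CN=yyy,OU=Oslo,OU=users,OU=org,DC=ansatt,DC=example,DC=no",
}
_AD_INDEX = {",".join(_normalise(r) for r in split_dn(d)) for d in AD_ENTRIES}


def bind_target(bind_dn):
    """Return (DN as forwarded to AD, whether that entry exists in the sample tree)."""
    real = massage_dn(bind_dn)
    if real is None:
        return None, False
    key = ",".join(_normalise(r) for r in split_dn(real))
    return real, key in _AD_INDEX
```

Running `bind_target` on the two bind DNs from the post shows the first one rewritten to an existing entry and the second one to `CN=xxx,OU=users,...`, which the proxy cannot complete with the missing sub-OU because the rewrite carries no knowledge of the AD tree.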