Re: Using rewrite and map (slapo-rwm) to unify subordinate OpenLDAP with Active Directory



Howard,

Thanks for your reply.  My apologies for not replying sooner but I've
been away from a computer.

Could you please advise as to where I should insert the overlay
directives in the following configuration file?  My understanding was
that the OpenLDAP-administered portion of the directory
(ou=Extranet, ou=XYZ, dc=xyz, dc=com) would have to be specified first
and use the subordinate directive.  I'm running version 2.3.30.

database        bdb
suffix          "ou=Extranet, ou=XYZ, dc=xyz, dc=com"
subordinate
rootdn          "cn=Manager, ou=Extranet, ou=XYZ, dc=xyz, dc=com"
rootpw          secret
directory       /usr/local/var/openldap-data
index           objectClass eq

database        ldap
suffix          "ou=XYZ, dc=xyz, dc=com"
uri             "ldap://dc1"

acl-bind
      bindmethod=simple
      binddn="cn=Andrew Kay, ou=Users, ou=XYZ, dc=xyz, dc=com"
      credentials="secret"

idassert-bind
      bindmethod=simple
      binddn="cn=Andrew Kay, ou=Users, ou=XYZ, dc=xyz, dc=com"
      credentials="secret"
      mode=none
      authzId="dn:cn=Andrew Kay, ou=Users, ou=XYZ, dc=xyz, dc=com"

idassert-authzFrom "dn.children:ou=XYZ, dc=xyz, dc=com"

overlay         rwm
rwm-map         objectclass inetOrgPerson user
rwm-map         objectclass groupOfNames group
rwm-map         attribute uid sAMAccountname
rwm-map         attribute cn name
rwm-map         attribute sn sn
rwm-map         attribute mail mail
rwm-map         attribute member member
rwm-map         attribute *