
Rewrite: LDAP proxy for AD



Hi,

I was able to successfully use the proxy functionality to connect to an AD server using the slapd configuration below.

[SNIPPET from slapd.conf]
database        ldap
suffix          "OU=Da Vinci Coders,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
subordinate
rebind-as-user
uri             "ldap://192.168.100.100/"

acl-bind
        bindmethod=simple binddn="CN=Ldap Authentication,OU=Linux,OU=InformationTechnology,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au" credentials="test"

chase-referrals yes

idassert-bind   bindmethod=simple
                authzID="u:bind"
                mode=self
                binddn="CN=Ldap Authentication,OU=Linux,OU=InformationTechnology,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au"
                credentials="test "

idassert-authzFrom "dn.regex:.*"



I want to use the users under the above suffix (OU=Da Vinci Coders) as users for Linux clients.

At present I cannot see them (e.g. the command su - nazeerm fails) as they are NOT under "cn=users,dc=internal,dc=phg,dc=com,dc=au" or "cn=people,dc=internal,dc=phg,dc=com,dc=au".

Is there any easy way of mapping "OU=Da Vinci Coders,OU=Portland House,OU=Sites,DC=internal,DC=phg,DC=com,DC=au" to "cn=users,dc=internal,dc=phg,dc=com,dc=au"?




Thank you.



Regards
Nazeer


