Authenticating OpenLDAP client with AD
- To: openldap-technical@openldap.org
- Subject: Authenticating OpenLDAP client with AD
- From: Vinay Kalkoti <kalkoti.vinay@gmail.com>
- Date: Sat, 23 Oct 2010 15:52:52 +0530
Hi,

I am working on authenticating an OpenLDAP client with an AD server. I saw
lots of examples which map the rfc2307bis schema using the nss_schema
attribute in the ldap.conf file:

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

and also map the attributes of rfc2307bis to the AD server schema
attributes:

nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory

Isn't there a way I can fetch the schema from the AD server and set it
using nss_schema?

Basically, I am looking at fetching the schema/objectClass/attributes
from the LDAP/AD server and making them the client schema so that I
don't have to keep doing the mapping using nss_map_attribute and
nss_schema.

I am new to the LDAP world, and I am sorry if my question doesn't make any sense.

I have seen lots of enterprise products which integrate with LDAP/AD.
They provide a user interface to map the server-side schema
objectClass and attributes. I am trying to see if I can get rid of
this and do it internally.

Thanks,
Vinay
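
An added example, not part of the original message: a check of the nss_map_attribute pairs quoted above against a server's published schema, so that a mapping to an attribute the server does not define is caught before it goes into ldap.conf. It assumes the server's attributeTypes values are already available as RFC 4512 text; the sample definitions, their OIDs and the function names are constructed for illustration.

```python
import re

# RFC 2307 name -> server-side name, exactly as listed in the message above.
PAGE_MAPPINGS = {
    "uid": "msSFU30Name",
    "uidNumber": "msSFU30UidNumber",
    "gidNumber": "msSFU30GidNumber",
    "loginShell": "msSFU30LoginShell",
    "gecos": "name",
    "userPassword": "msSFU30Password",
    "homeDirectory": "msSFU30HomeDirectory",
}

# Constructed sample, not real server output; OIDs are placeholders.
# msSFU30Password is left out on purpose to show an undefined target.
SAMPLE_ATTRIBUTE_TYPES = [
    "( 9.9.9.1 NAME ( 'uid' 'userid' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 9.9.9.2 NAME 'msSFU30Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 9.9.9.3 NAME 'msSFU30UidNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
    "( 9.9.9.4 NAME 'msSFU30GidNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
    "( 9.9.9.5 NAME 'msSFU30LoginShell' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 9.9.9.6 NAME 'name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 9.9.9.7 NAME 'msSFU30HomeDirectory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]

# NAME is either one quoted descriptor or a parenthesised list of them.
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")

def attribute_names(definitions):
    """Return the lower-cased attribute names defined in the schema text."""
    names = set()
    for definition in definitions:
        match = NAME_RE.search(definition)
        if not match:
            continue  # definition without a NAME; it has only an OID
        quoted = match.group(1) or match.group(2)
        names.update(n.lower() for n in re.findall(r"'?([^'\s]+)'?", quoted))
    return names

def check_mappings(definitions, mappings=PAGE_MAPPINGS):
    """Split mappings into ldap.conf lines and pairs with an undefined target."""
    defined = attribute_names(definitions)  # LDAP names are case-insensitive
    lines, undefined = [], []
    for local, remote in mappings.items():
        if remote.lower() in defined:
            lines.append(f"nss_map_attribute {local} {remote}")
        else:
            undefined.append((local, remote))
    return lines, undefined
```

A target being defined in the schema only shows that the attribute exists; whether user entries actually carry values for it still has to be checked against the directory.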