Jonathan van der Wat wrote:
> I'm new to OpenLDAP and am trying to implement the following:
>
> User authentication (PAM + SSSD) on CentOS Linux servers via OpenLDAP proxy to
> Active Directory. I am able to perform the following search from the OpenLDAP
> proxy without any apparent issues:
>
> *
> [root@openldap ~]# ldapsearch -x -h /mydomaincontroller/ -LLL -b
> dc=msad,dc=inet,dc=com -D cn=ldap,cn=users,dc=msad,dc=inet,dc=com -W
> '(sAMAccountName=jonathanv)' cn sAMAccountName
>
> Enter LDAP Password:
> dn: CN=jonathan,CN=Users,DC=msad,DC=inet,DC=com
> cn: jonathan
> sAMAccountName: jonathanv
>
> # refldap://ForestDnsZones.msad.inet.com/DC=ForestDnsZones,DC=msad,DC=inet,DC=com
>
> # refldap://DomainDnsZones.msad.inet.com/DC=DomainDnsZones,DC=msad,DC=inet,DC=com
>
> # refldap://msad.inet.com/CN=Configuration,DC=msad,DC=inet,DC=com*
>
> However, when asking the OpenLDAP proxy:
>
> *[root@openldap ~]# ldapsearch -x -h /localhost/ -LLL -b
> dc=msad,dc=inet,dc=com -D cn=ldap,cn=users,dc=msad,dc=inet,dc=com -W
> '(sAMAccountName=jonathanv)' cn sAMAccountName
>
> Enter LDAP Password:
> # refldap://ForestDnsZones.msad.inet.com/DC=ForestDnsZones,DC=msad,DC=inet,DC=com
>
> # refldap://DomainDnsZones.msad.inet.com/DC=DomainDnsZones,DC=msad,DC=inet,DC=com
>
> # refldap://msad.inet.com/CN=Configuration,DC=msad,DC=inet,DC=com*

Have a look in the proxy log. I guess you did not add the attribute type
description for sAMAccountName to the proxy's schema.

Ciao, Michael.
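One way to test the schema guess in the reply above, as an added example that is not part of the original thread: the script compares the attributes used in a search filter and attribute list against the attribute types a server publishes in its subschema entry. The function names, the `ldapsearch` invocation in the comment, and the sample schema are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: list attributes a search relies on that the schema lacks.
# Input is a subschema dump, e.g. (assumed invocation against the proxy):
#   ldapsearch -x -H ldap://localhost -LLL -o ldif-wrap=no -s base -b cn=Subschema attributeTypes
# Print each attribute name declared in subschema LDIF on stdin, lowercased.
schema_names() {
  awk -v q="'" '
    tolower($0) ~ /^attributetypes: / {
      i = index($0, " NAME "); if (i == 0) next
      rest = substr($0, i + 6)
      if (substr(rest, 1, 1) == "(")   # several names inside parentheses
        rest = substr(rest, 2, index(rest, ")") - 2)
      else                             # a single quoted name
        rest = substr(rest, 1, index(substr(rest, 2), q) + 1)
      n = split(rest, parts, q)
      for (k = 2; k <= n; k += 2) print tolower(parts[k])
    }'
}

# Print the attribute names used in an LDAP filter string, lowercased.
filter_attrs() {
  printf '%s\n' "$1" |
    grep -oE '\([A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*(:|[~<>]?=)' |
    sed -E 's/^\(//; s/;.*//; s/(:|[~<>]?=)$//' |
    tr 'A-Z' 'a-z'
}

# Usage: missing_attrs FILTER [ATTR...] < subschema.ldif ; exit status 1 if any is undeclared.
missing_attrs() (
  filter=$1; shift; rc=0
  known=$(schema_names)
  for attr in $( { filter_attrs "$filter"; printf '%s\n' "$@"; } | tr 'A-Z' 'a-z' | sort -u ); do
    printf '%s\n' "$known" | grep -qxF -- "$attr" || { echo "$attr"; rc=1; }
  done
  exit "$rc"
)

# Constructed sample: a proxy that loaded only core schema.
sample_schema() {
  cat <<'EOF'
dn: cn=Subschema
attributeTypes: ( 2.5.4.41 NAME 'name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
EOF
}

# Filter and attribute list from the thread, run against the constructed schema.
sample_schema | missing_attrs '(sAMAccountName=jonathanv)' cn sAMAccountName || true
```

Running the same check against the domain controller's subschema and the proxy's subschema shows which attribute types the proxy still needs in its schema.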