
Re: OpenLDAP Proxy to AD of User Objects with full/correct schema



On 11/22/2012 11:33 PM, Alex Samad - Yieldbroker wrote:

please do not top post.

Pretty sure I tried that
Go back and give it another test.

How does it differentiate between anon and non anon binds to openldap?

So if it's an
anon to openldap ->  I want to bind with the supplied credentials
non anon to openldap -> I want to bind with the supplied credentials that are supplied to openldap from the client

Does that make sense?

Thanks
Alex

-----Original Message-----
From: Pierangelo Masarati [mailto:masarati@aero.polimi.it]
Sent: Friday, 23 November 2012 8:30 AM
To: Alex Samad - Yieldbroker
Cc: Mailing Lists; openldap-technical@openldap.org
Subject: RE: OpenLDAP Proxy to AD of User Objects with full/correct schema


I would be interested in this.

Were you able to get it to convert anonymous searches on openldap to
non anon searches into ad?

So I wanted to be able to search email addresses from ad from openldap.
I created a read only userid for ad. But I could never work out how
to configure openldap to use the given user/password when there was an
anon request.

within the "ldap" database specification:

idassert-bind   bindmethod=simple
                 binddn="cn=substitute-identity"
                 credentials="password"
                 mode=none
idassert-authzFrom dn.exact:""

idassert-bind   bindmethod=simple
                binddn="cn=substitute-identity"
                credentials="password"
                mode=none
                flags=non-prescriptive
idassert-authzFrom dn.exact:""

Please note this has always been documented in slapd-ldap(5) since the introduction of the idassert-bind feature. Please read the manual for further help.

p.

--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano





