slapd-ldap as proxy to active directory
- To: openldap-technical@openldap.org
- Subject: slapd-ldap as proxy to active directory
- From: Juan Miscaro <jmiscaro@gmail.com>
- Date: Wed, 14 Dec 2011 15:40:34 -0500
Good day.
I would like to use the slapd-ldap backend as a proxy to Active
Directory (Windows Server 2008 R2).
Firstly, AD can be queried directly:
$ ldapsearch -LLL -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay
-H ldap://ad.support.com -b cn=users,dc=support,dc=com
'(sAMAccountName=jdoe)' cn sAMAccountName
dn: CN=John Doe,CN=Users,DC=support,DC=com
cn: John Doe
sAMAccountName: jdoe
Now, I have the following in slapd:
==========
dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_ldap

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcDbURI: ldap://ad.support.com
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcSuffix: cn=users,dc=support,dc=com
==========
But when querying via the slapd instance I don't get anything back:
$ ldapsearch -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H
ldap://slapd.example.com -b cn=users,dc=support,dc=com
'(sAMAccountName=jdoe)' cn sAMAccountName
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=support,dc=com> with scope subtree
# filter: (sAMAccountName=jdoe)
# requesting: cn sAMAccountName
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
I can query my normal/local DIT fine (even while authenticating as the
remote AD user, which looks weird):
$ ldapsearch -D "cn=John Doe,cn=users,dc=support,dc=com" -w okay -H
ldap://slapd.example.com -b dc=example,dc=com '(ou=People)' cn
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (ou=People)
# requesting: cn
#
# People, example.com
dn: ou=People,dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
What am I missing? TIA.
--
/jm
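The two searches above are served by different slapd databases: the bind DN under cn=users,dc=support,dc=com is handled by the {2}ldap proxy (and therefore forwarded to AD), while the search base dc=example,dc=com belongs to the local database, which is why a remote AD identity can end up evaluated against local ACLs. The script below is an added example, not part of the original post or of OpenLDAP: it parses the cn=config LDIF from the message (plus a constructed {1}hdb entry for the local DIT, which the post queries but does not show) and reports which database would serve a given bind DN or search base. It assumes slapd selects the database whose olcSuffix is the longest matching suffix of the target DN, and that DN comparison is case-insensitive with whitespace around commas ignored; the helper names are the example's own.

```python
"""Route request DNs to slapd databases by suffix (added example).

Assumptions (not stated in the post): slapd picks the database with the
longest olcSuffix that is a suffix of the target DN, and DN components such
as cn/dc/ou compare case-insensitively, so AD's CN=...,DC=... equals the
client's cn=...,dc=... form.
"""
import re

# cn=config LDIF from the post, plus a CONSTRUCTED {1}hdb entry for the
# local DIT (dc=example,dc=com) that the post searches but does not show.
CONFIG_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcDbURI: ldap://ad.support.com
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcSuffix: cn=users,dc=support,dc=com
"""


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, 'attr: value'
    lines, folded continuation lines starting with a space, '#' comments.
    Returns a list of dicts mapping lowercase attribute name -> [values]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line.strip() == "":
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, value = line.partition(":")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def normalize_dn(dn):
    """Split a DN on unescaped commas and lowercase each RDN so that
    case and spacing differences do not affect suffix matching."""
    rdns = re.split(r"(?<!\\),", dn)
    return [r.strip().lower() for r in rdns if r.strip()]


def is_subordinate(dn, suffix):
    """True if dn equals suffix or lies beneath it in the tree."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def databases(entries):
    """(olcDatabase name, olcSuffix) for every database entry with a suffix."""
    return [(e["olcdatabase"][0], e["olcsuffix"][0])
            for e in entries if "olcdatabase" in e and "olcsuffix" in e]


def select_database(entries, target_dn):
    """Database that would serve target_dn (longest matching suffix), or
    None when no suffix matches, the case slapd reports as 'No such object'."""
    best = None
    for name, suffix in databases(entries):
        if is_subordinate(target_dn, suffix):
            if best is None or len(normalize_dn(suffix)) > len(normalize_dn(best[1])):
                best = (name, suffix)
    return best


def route(entries, bind_dn, search_base):
    """Return (database handling the bind, database serving the search)."""
    b = select_database(entries, bind_dn)
    s = select_database(entries, search_base)
    return (b[0] if b else None, s[0] if s else None)


if __name__ == "__main__":
    cfg = parse_ldif(CONFIG_LDIF)
    bind = "cn=John Doe,cn=users,dc=support,dc=com"
    for base in ("cn=users,dc=support,dc=com", "dc=example,dc=com", "dc=other,dc=com"):
        print(f"{base:32} -> bind via {route(cfg, bind, base)[0]}, "
              f"search via {route(cfg, bind, base)[1]}")
```

Running it shows the bind DN always landing on {2}ldap (so the credentials are checked by AD) while the search is answered by whichever database owns the base; a base outside every suffix routes to no database at all. Before exposing a proxy database, this is the kind of check worth doing to see which remote identities can bind and which local ACLs they will then be matched against.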