Hi,
I try to config the openldap access multi AD like this link
http://ltb-project.org/wiki/documentation/general/sasl_delegation
but Some success but not when I change the rwm-suffuxmassage part from
OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au
to
dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au
Looks like the meta can't do sub search from root DN of AD. Any comments
are appreciate.
the user account in AD is
e.g. CN=Jeffrey
Lee,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au
it works OK if in slapd.conf
rwm-suffixmassage
"ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
"OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
But NOT work
rwm-suffixmassage
"ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
"dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
Looks like meta ldap cannot search from root of AD? when I set serach
base dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au but it start to work one
level down,
OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au
Any comments? or please let me know what is the best place to look for the
answer.
Below is my slapd.conf
database ldap
suffix "ou=63stmarys.uk.westpac.com.au
,dc=wib,dc=westpac,dc=com,dc=au"
uri ldaps://10.25.240.35
idassert-bind bindmethod=simple
binddn="CN=SRV-WIBUNIX,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au"
credentials="xxxxxxxxxxxxxxxxx"
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=wib,dc=westpac,dc=com,dc=au"
overlay rwm
rwm-suffixmassage
"ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
"OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
rwm-map attribute uid userPrincipalName
rwm-map attribute * *
Regards
--
Jeffrey Lee
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
