Hi Clement,

Thanks for your advice. I have tried on the uri part

uri ldap://OUR CATALOG SERVER:3268

doesn't work?? Please give me some comment?

Below is my slapd.conf meta

database ldap
suffix "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
uri ldaps://OUR CATALOG SERVER:3268

idassert-bind bindmethod=simple
  binddn="CN=SRV-WIBUNIX,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au"
  credentials="xxxxxxxxxxxxxxxxx"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=wib,dc=westpac,dc=com,dc=au"

overlay rwm
rwm-suffixmassage "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au" "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
rwm-map attribute uid userPrincipalName
rwm-map attribute * *

Regards
Jeffrey

On Tue, Jul 23, 2013 at 5:20 PM, Clément OUDOT <[email protected]> wrote:

> 2013/7/23 Jeffrey Lee <[email protected]>:
> > Hi,
> > I try to config the openldap access multi AD like this link
> > http://ltb-project.org/wiki/documentation/general/sasl_delegation
> > Some success, but not when I change the rwm-suffixmassage part from
> > OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au
> > to
> > dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au
> >
> > Looks like the meta can't do sub search from root DN of AD. Any comments
> > are appreciated.
> >
> > the user account in AD is
> > e.g. CN=Jeffrey Lee,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au
> >
> > it works OK if in slapd.conf
> > rwm-suffixmassage
> >   "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
> >   "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
> >
> > But NOT work
> > rwm-suffixmassage
> >   "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
> >   "dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
> >
> > Looks like meta ldap cannot search from root of AD? when I set search base
> > dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au but it start to work one level
> > down,
> > OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au
> >
> > Any comments? or please let me know what is the best place to look for the
> > answer.
> >
> > Below is my slapd.conf
> > database ldap
> > suffix "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
> > uri ldaps://10.25.240.35
> >
> > idassert-bind bindmethod=simple
> >   binddn="CN=SRV-WIBUNIX,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au"
> >   credentials="xxxxxxxxxxxxxxxxx"
> >   mode=none
> >   flags=non-prescriptive
> > idassert-authzFrom "dn.exact:cn=Manager,dc=wib,dc=westpac,dc=com,dc=au"
> >
> > overlay rwm
> > rwm-suffixmassage
> >   "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
> >   "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
> > rwm-map attribute uid userPrincipalName
> > rwm-map attribute * *
> >
> > Regards
>
> Hi,
>
> in Active Directory, you have a lot of referrals under the suffix. One
> solution is to use the global catalog
> (http://technet.microsoft.com/en-us/library/how-global-catalog-servers-work%28v=ws.10%29.aspx)
> by changing port 389 to port 3268. Global catalog is read-only.
>
> Clément.
>

-- 
Jeffrey Lee
 ,-_|\   Email   : [email protected]
/     \  Homepage: www.jeffreyhklee.com
\_,-\_*
     v
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
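
Added example (not part of the original thread, and not code from LTB or OpenLDAP): a small Python lint for the `uri` lines discussed above, checking that the URI scheme matches the Active Directory port. 3268 is the plaintext global catalog port and 3269 its LDAPS counterpart, so `ldaps://` on 3268 is reported as a mismatch. The helper name `check_uris` and the hosts in the sample are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Active Directory listener ports and the URI scheme each one expects.
AD_PORTS = {389: "ldap", 636: "ldaps", 3268: "ldap", 3269: "ldaps"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
GLOBAL_CATALOG_PORTS = {3268, 3269}


def check_uris(conf_text):
    """Return (line_no, uri, verdict) for each URI on a slapd.conf `uri` line."""
    results = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)  # honours quotes and '#'
        except ValueError:
            continue  # unbalanced quote: not a line this check can read
        if not tokens or tokens[0].lower() != "uri":
            continue
        # A quoted value may hold several space-separated URIs.
        for uri in " ".join(tokens[1:]).split():
            parts = urlsplit(uri)
            scheme = parts.scheme.lower()
            try:
                port = parts.port or DEFAULT_PORT[scheme]
            except (KeyError, ValueError):
                results.append((line_no, uri, "unsupported scheme or bad port"))
                continue
            expected = AD_PORTS.get(port)
            if expected is None:
                verdict = "non-standard port, not checked"
            elif expected != scheme:
                verdict = f"mismatch: port {port} expects {expected}://"
            elif port in GLOBAL_CATALOG_PORTS:
                verdict = "ok (global catalog, read-only)"
            else:
                verdict = "ok"
            results.append((line_no, uri, verdict))
    return results


# Constructed sample; gc.example.com and dc.example.com are placeholder hosts.
SAMPLE_CONF = """\
database  ldap
uri       ldaps://gc.example.com:3268
uri       "ldap://gc.example.com:3268 ldaps://gc.example.com:3269"
uri       ldaps://dc.example.com
"""

if __name__ == "__main__":
    for finding in check_uris(SAMPLE_CONF):
        print(*finding, sep="\t")
```

On port 3268 an `ldap://` connection is cleartext unless StartTLS is negotiated, which matters here because the proxy does a simple bind with a service-account password.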
