2013/7/23 Jeffrey Lee <[email protected]>:
> Hi,
> I am trying to configure OpenLDAP to access multiple ADs as in this link
> http://ltb-project.org/wiki/documentation/general/sasl_delegation
> I have had some success, but not when I change the rwm-suffixmassage part from
> OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au
> to
> dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au
>
> Looks like the meta can't do a sub search from the root DN of AD. Any comments are
> appreciated.
>
> The user account in AD is, e.g.,
> CN=Jeffrey Lee,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au
>
>
> It works OK if slapd.conf has
> rwm-suffixmassage
>     "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
>     "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
>
> But it does NOT work with
> rwm-suffixmassage
>     "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
>     "dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
>
> Looks like meta ldap cannot search from the root of AD? When I set the search base
> dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au but it starts to work one level
> down,
> OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au
>
> Any comments? or please let me know what is the best place to look for the
> answer.
>
>
> Below is my slapd.conf
> database        ldap
> suffix          "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
> uri             ldaps://10.25.240.35
>
> idassert-bind   bindmethod=simple
>                 binddn="CN=SRV-WIBUNIX,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au"
>                 credentials="xxxxxxxxxxxxxxxxx"
>                 mode=none
>                 flags=non-prescriptive
> idassert-authzFrom      "dn.exact:cn=Manager,dc=wib,dc=westpac,dc=com,dc=au"
>
> overlay rwm
> rwm-suffixmassage
>     "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
>     "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
> rwm-map attribute uid userPrincipalName
> rwm-map attribute * *
>
> Regards
>


Hi,


In Active Directory, you have a lot of referrals under the suffix. One
solution is to use the global catalog
(http://technet.microsoft.com/en-us/library/how-global-catalog-servers-work%28v=ws.10%29.aspx)
by changing port 389 to port 3268. The global catalog is read-only.


Clément.
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
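
The change suggested in the reply, applied to the slapd.conf from the question, as an added example that is not part of the original thread. Assumptions: port 3269 (the Global Catalog's LDAPS port) is used because the original uri is ldaps://, and the rwm target is the domain root from the failing case.

```conf
# Added example, not from the original thread.
database        ldap
suffix          "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"

# Before (from the question): default LDAPS port on the domain controller.
# Per the reply, AD has referrals under the suffix, which is why a subtree
# search from the domain root failed while OU=LonUsers worked.
#uri            ldaps://10.25.240.35

# After: Global Catalog on the same host.
# Assumption: 3269 is the TLS counterpart of the 3268 port named in the
# reply; with plain ldap:// the port would be 3268.
uri             ldaps://10.25.240.35:3269

# Service account used to assert identities, unchanged from the question.
idassert-bind   bindmethod=simple
                binddn="CN=SRV-WIBUNIX,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au"
                credentials="xxxxxxxxxxxxxxxxx"
                mode=none
                flags=non-prescriptive
idassert-authzFrom      "dn.exact:cn=Manager,dc=wib,dc=westpac,dc=com,dc=au"

overlay rwm
# Massage the local suffix onto the domain root instead of OU=LonUsers.
rwm-suffixmassage
    "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
    "dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
rwm-map attribute uid userPrincipalName
rwm-map attribute * *
```

The Global Catalog holds only a partial attribute set, so check that every attribute read through the proxy is present there.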
