There is apparently a schema file that you can include in your OpenLDAP 
configuration to define the AD schema.  From an old thread on the subject:

> [...]
> slapd requires part of AD schemas in order to operate back-ldap
> properly. Thus write a private schema, providing required attribute
> types and object classes.

The MSUser schema in OpenLDAP master may be useful for this.

--Quanah


-----Original Message-----
From: Kevin Olbrich <[email protected]>
Sent: Monday, March 30, 2020 1:46 PM
To: [email protected]
Subject: Re: AD proxy / CAPITAL letters in attributes

On Mon, Mar 30, 2020 at 18:40, Howard Chu <[email protected]> wrote:
>
> Kevin Olbrich wrote:
> > Hi!
> >
> > Thanks for your reply. I don't know what you are referring to on the
> > man page but as far as I know, this indicates, that OpenLDAP doesn't
> > know about the attribute.
>
> Exactly.
>
> > I know that but I don't care, as OpenLDAP is just a read-only proxy,
> > it does not need to know anything about the schema as it does not
> > need to validate it.
>
> If you want the attribute to stop being passed in upper case, fix your
> schema. Period, end of story.
>

That means I need to define everything again? Both in AD and Slapd?
Either I missed something or this is very laborious.

And there is really no setting to disable this behaviour?
The setup where I need this is a simple DMZ (tls enforcing) proxy.

> >
> > Is this what you mean? Otherwise I might need a hint :-(
> >
> > Kind regards
> > Kevin
> >
> > On Sat, Mar 28, 2020 at 18:06, Howard Chu <[email protected]> wrote:
> >>
> >> Kevin Olbrich wrote:
> >>> Hi!
> >>>
> >>> How can I disable the behavior of CAPITAL letters when OpenLDAP proxies 
> >>> an AD?
> >>> I know they should be case insensitive but I had to debug
> >>> Rocketchat for two hours to find, they use sAMAccountName (case
> >>> sensitive) and the app crashed because mine was named SAMACCOUNTNAME.
> >>> (I will open a bug there but I bet there is a lot of broken SW).
> >>
> >> Read the slapd-ldap(5) manpage. These attributes are shown in all
> >> capital letters to make you aware that you have a broken
> >> configuration. Fix it and they will return to normal.
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/

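An added example, not part of the thread or of OpenLDAP: the replies above say that attributes returned in all capitals are ones the proxy's schema does not define, so this sketch scans LDIF search output for such names to show which attribute types a private schema still has to provide. The sample entry and the function names are constructed for illustration, and the all-uppercase test is a heuristic.

```python
import re

# Constructed sample: LDIF as a search through the proxy might return it.
SAMPLE_LDIF = """\
# constructed sample entry
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
objectClass: top
objectClass: person
cn: Jane Doe
SAMACCOUNTNAME: jdoe
USERPRINCIPALNAME: jdoe@example.com
OBJECTGUID:: 3q2+78r+ur4=
mail: jane.doe@example.com
description: value folded by the LDIF writer so that
 NOTANATTRIBUTE: stays part of the description
MEMBEROF: CN=Chat Users,OU=Groups,DC=example,DC=com
"""

# Attribute description at line start: name, optional ;options, then ':'.
# 'name::' (base64 value) also matches, because only the first ':' is needed.
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)((?:;[A-Za-z0-9-]+)*):")

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def uppercased_attributes(ldif):
    """Return the sorted attribute names that appear entirely in upper case."""
    found = set()
    for line in unfold(ldif):
        if not line or line.startswith("#"):
            continue  # blank separator or comment
        m = ATTR_LINE.match(line)
        if not m or m.group(1).lower() == "dn":
            continue  # not an attribute line, or the entry's DN
        if m.group(1).isupper():
            found.add(m.group(1))
    return sorted(found)

if __name__ == "__main__":
    for name in uppercased_attributes(SAMPLE_LDIF):
        print("not defined in the proxy schema:", name)
```
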