Awesome! That works! :-) Thank you so much!
Kind regards
Kevin

On Tue, 31 March 2020 at 18:27, Vandenburgh, Steve Y <[email protected]> wrote:
>
> There is apparently a schema file that you can include in your OpenLDAP
> configuration to define the AD schema. From an old thread on the subject:
>
> > [...]
> > slapd requires part of AD schemas in order to operate back-ldap
> > properly. Thus write a private schema, providing required attribute
> > types and object classes.
>
> The MSUser schema in OpenLDAP master may be useful for this.
>
> --Quanah
>
>
> -----Original Message-----
> From: Kevin Olbrich <[email protected]>
> Sent: Monday, March 30, 2020 1:46 PM
> To: [email protected]
> Subject: Re: AD proxy / CAPITAL letters in attributes
>
> On Mon, 30 March 2020 at 18:40, Howard Chu <[email protected]> wrote:
> >
> > Kevin Olbrich wrote:
> > > Hi!
> > >
> > > Thanks for your reply. I don't know what you are referring to on the
> > > man page but as far as I know, this indicates that OpenLDAP doesn't
> > > know about the attribute.
> >
> > Exactly.
> >
> > > I know that but I don't care, as OpenLDAP is just a read-only proxy,
> > > it does not need to know anything about the schema as it does not
> > > need to validate it.
> >
> > If you want the attribute to stop being passed in upper case, fix your
> > schema. Period, end of story.
> >
>
> That means I need to define everything again? Both in AD and Slapd?
> Either I missed something or this is very laborious.
>
> And there is really no setting to disable this behaviour?
> The setup where I need this is a simple DMZ (tls enforcing) proxy.
>
> >
> > > Is this what you mean? Otherwise I might need a hint :-(
> > >
> > > Kind regards
> > > Kevin
> > >
> > > On Sat, 28 March 2020 at 18:06, Howard Chu <[email protected]> wrote:
> > >>
> > >> Kevin Olbrich wrote:
> > >>> Hi!
> > >>>
> > >>> How can I disable the behavior of CAPITAL letters when OpenLDAP proxies
> > >>> an AD?
> > >>> I know they should be case insensitive but I had to debug
> > >>> Rocketchat for two hours to find, they use sAMAccountName (case
> > >>> sensitive) and the app crashed because mine was named SAMACCOUNTNAME.
> > >>> (I will open a bug there but I bet there is a lot of broken SW).
> > >>
> > >> Read the slapd-ldap(5) manpage. These attributes are shown in all
> > >> capital letters to make you aware that you have a broken
> > >> configuration. Fix it and they will return to normal.
> >
> > --
> > -- Howard Chu
> > CTO, Symas Corp. http://www.symas.com
> > Director, Highland Sun http://highlandsun.com/hyc/
> > Chief Architect, OpenLDAP http://www.openldap.org/project/
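
A client-side check for the symptom discussed in this thread, as an added example that is not part of the original messages and not OpenLDAP or Rocket.Chat code: it flags attribute names that arrived entirely in capitals (the sign, per the reply above, that the proxy configuration does not cover them) and reads attributes without depending on case. The function and class names and the sample entry are constructed for illustration.

```python
# Added example; all names and the sample entry are constructed.

# Constructed search result as a proxy without the AD schema might return it.
SAMPLE_ENTRY = {
    "cn": ["Jane Doe"],
    "mail": ["jdoe@example.com"],
    "SAMACCOUNTNAME": ["jdoe"],
    "USERPRINCIPALNAME": ["jdoe@example.com"],
}


def all_caps_attributes(entry):
    """Return attribute names that arrived entirely in capitals.

    Heuristic: per the thread, the proxy shows attributes in all capitals
    when its configuration (schema) does not cover them.
    """
    return sorted(
        name for name in entry
        if any(ch.isalpha() for ch in name) and name == name.upper()
    )


class CaseInsensitiveEntry:
    """Read-only entry view whose attribute lookup ignores case."""

    def __init__(self, entry):
        self._attrs = {}
        for name, values in entry.items():
            key = name.lower()
            if key in self._attrs:
                # Two spellings of one attribute: refuse to pick one silently.
                raise ValueError(f"attribute repeated with different case: {name}")
            self._attrs[key] = (name, list(values))

    def get(self, name, default=None):
        """Values for the attribute, whatever case the server used."""
        hit = self._attrs.get(name.lower())
        return hit[1] if hit else default

    def wire_name(self, name):
        """The spelling the server actually sent, or None if absent."""
        hit = self._attrs.get(name.lower())
        return hit[0] if hit else None


if __name__ == "__main__":
    entry = CaseInsensitiveEntry(SAMPLE_ENTRY)
    print("login:", entry.get("sAMAccountName"))
    print("fix proxy schema for:", all_caps_attributes(SAMPLE_ENTRY))
```

A non-empty result from `all_caps_attributes` is worth alerting on in a health check for the proxy, since it points at the schema gap rather than at the client.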
