Re: (RESOLVED) users from ldap (active directory)
- Instead, the AD Global Catalog (port 3268) can be used; this somehow helped.
search_base must be empty
The resulting map file looks like this:
server_host = 10.100.5.1:3268
bind = yes
bind_dn = CN=mailgw,OU=SYS,DC=XXXX,DC=lan
bind_pw = password
scope = sub
result_attribute = mail
result_format = %s OK
query_filter = (&(objectClass=person)(mail=%s))
version = 3
On Thu, Mar 31, 2011 at 8:30 PM, Victor Duchovni <Victor.Duchovni@...> wrote:
On Thu, Mar 31, 2011 at 08:26:17PM +0300, vadim korsak wrote:
> result_format = %s OK
> is OK, this is checked in other places
> >You need to use a search base that will not trigger a referral, or
> >use the right LDAP server. Alternatively, the LDAP server may need
> >to be configured to grant additional access to your "mailgw" id.
> why do you think this is an access problem?
Because you are getting a referral, it can be either because the search
base is wrong, or perhaps because access is restricted. Don't expect
referrals to work, if the referral is to a different LDAP source or
if referrals require application logic (are not handled transparently
in the OpenLDAP library).
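
Added example (not part of the original posts, and not Postfix code): a Python sketch of the LDAP search the map above produces for one recipient lookup, with the lookup key escaped per RFC 4515 before it replaces %s in query_filter. The explicit empty search_base line and the sample lookup keys are constructed, and the parser handles only simple "name = value" lines like the ones in the map.

```python
"""Approximate the search a Postfix LDAP map issues for a single lookup key."""

MAP_TEXT = """\
server_host = 10.100.5.1:3268
bind = yes
search_base =
scope = sub
result_attribute = mail
result_format = %s OK
query_filter = (&(objectClass=person)(mail=%s))
version = 3
"""  # constructed from the map in the post; bind_dn/bind_pw left out

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def parse_map(text):
    """Parse 'name = value' lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")  # split on the first '=' only
        cfg[name.strip()] = value.strip()
    return cfg

def escape_filter_value(value):
    """Escape LDAP filter metacharacters (RFC 4515) in the lookup key."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_search(cfg, key):
    """Return the search parameters that result from looking up `key`."""
    return {
        "host": cfg["server_host"],
        "base": cfg.get("search_base", ""),  # empty base, as the post requires
        "scope": cfg.get("scope", "sub"),
        "filter": cfg["query_filter"].replace("%s", escape_filter_value(key)),
        "attrs": [cfg["result_attribute"]],
    }

def format_results(cfg, values):
    """Apply result_format to each value returned for result_attribute."""
    return [cfg.get("result_format", "%s").replace("%s", v) for v in values]

if __name__ == "__main__":
    cfg = parse_map(MAP_TEXT)
    for key in ("user@example.com", "*)(objectClass=*"):  # constructed keys
        print(build_search(cfg, key))
    print(format_results(cfg, ["user@example.com"]))
```

The second key shows that filter metacharacters in an address end up as literal characters inside the mail= assertion instead of changing the filter's structure.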