Hello again, can anyone share some advice ? Thank you Marco Il giorno mar 21 set 2021 alle ore 16:25 Marco Baiguera < [email protected]> ha scritto:
> Hello everyone, > I am struggling to make an openldap/meta configuration work: > i have two active directory domain/servers: dc=mysite,cd=com and > dc=other,dc=mysite,dc=com > my goal is to integrate both domains with an application who can integrate > with a SINGLE ldap source for user authentication. > i'd like to build an openldap meta/proxy to build a virtual tree with > mysite.com (empty) > --- ou=virtual, dc= mysite,dc =com > --- ou=other, dc= mysite,dc =com > > I'm working with these configuration: > database meta > suffix "dc=mysite,cd=com" > .. > uri "ldap://SRV-xxxxxx/ou=virtual, dc= mysite,dc =com" > readonly yes > lastmod off > suffixmassage "ou=virtual, dc= mysite,dc =com" "dc= mysite,dc =com" > > uri "ldap://SRV-yyyy/ou=other, dc= mysite,dc =com" > readonly yes > lastmod off > suffixmassage "ou=other, dc= mysite,dc =com" "dc=other,dc=mysite,dc=com" > > The ldap tree is accessible but the group membership is wrong: the value > of memberof attributes for every user still has the original value, not the > remapped value,for example: > cn=user,ou=someou,dc=mysite,cd=com > cn=somegroup,ou=groups,dc=mysite,cd=com > are seen by the client as > cn=user,ou=someou,ou=virtual,dc=mysite,cd=com > cn=somegroup,ou=groups,ou=virtual,dc=mysite,cd=com > but the membeof attribute of user.someou.mysite.com is > cn=somegroup,ou=groups,dc=mysite,cd=com > i expect it to be > membeof=cn=somegroup,ou=groups,ou=virtual,dc=mysite,cd=com > > Can someone advice if this is the correct way to address this problem ? > Can someone point me to the proper documentation ? > > Thank you > Marco > > > > > > > > >
