My aim is to have an OpenLDAP metadirectory that proxies authentication from 2 different Active Directories. OpenLDAP is on a CentOS 7 VM.
This is what my slapd.conf for the meta configuration looks like:
```
#######################################################################
# database definitions
######################################################################
# database meta
database meta
suffix "dc=proxy,dc=domain1,dc=local"
rootdn "cn=ldapadm,dc=proxy,dc=domain1,dc=local"
rootpw "ldappassword"
# dir1
uri "ldap://domain1.local/dc=proxy,dc=domain1,dc=local"
lastmod off
readonly yes
suffixmassage "dc=proxy,dc=domain1,dc=local" "dc=domain1,dc=local"
idassert-bind bindmethod=simple
    binddn="cn=cc-admin,dc=domain1,dc=local"
    credentials="password"
    mode=none
    flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=ldapadm,dc=proxy,dc=domain1,dc=local"
# dir2
uri "ldap://cs-server.domain2.local/dc=proxy,dc=domain1,dc=local"
lastmod off
readonly yes
suffixmassage "dc=proxy,dc=domain1,dc=local" "dc=domain2,dc=local"
idassert-bind bindmethod=simple
    binddn="cn=cs-admin,dc=proxy,dc=domain2,dc=local"
    credentials="password"
    mode=none
    flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=ldapadm,dc=proxy,dc=domain1,dc=local"
overlay rwm
rwm-map attribute uid sAMAccountName
```
I also added proxy.domain1.local to /etc/hosts next to 127.0.0.1.
The problem is that when I run:
```
ldapsearch -x -h proxy.domain1.local -D "cn=ldapadm,dc=proxy,dc=domain1,dc=local" -w ldappassword -b "cn=cc-admin,cn=users,dc=proxy,dc=domain1,dc=local"
```
I get:
```
# extended LDIF
#
# LDAPv3
# base <cn=cc-admin,cn=users,dc=proxy,dc=domain1,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
```
I don't get the info of the cc-admin user, which is a user from domain1.
What am I missing?
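To see which targets the meta backend considers for a request and what DN each one actually receives, here is a small model of back-meta's routing, added as an illustration and not taken from the post or from OpenLDAP: it assumes a target is a candidate whenever the request DN lies under the target's virtual naming context (the part after the host in `uri`), and that `suffixmassage` then swaps that suffix for the real one. The `TARGETS` table is constructed from the slapd.conf above; the `rwm-map` attribute rewriting is not modelled.

```python
# Simplified model of OpenLDAP back-meta request routing (added illustration,
# not OpenLDAP's own code). Assumption: a target is a candidate when the request
# DN is at or below the target's virtual naming context; suffixmassage then
# rewrites that suffix to the target's real naming context before forwarding.

def normalize_dn(dn):
    """Case-fold and drop whitespace around RDN separators (simplified DN normalisation)."""
    return ",".join(rdn.strip() for rdn in dn.split(",")).lower()

def dn_under(dn, suffix):
    """True if dn equals suffix or is below it, matching on RDN boundaries only."""
    dn_n, suf_n = normalize_dn(dn), normalize_dn(suffix)
    return dn_n == suf_n or dn_n.endswith("," + suf_n)

def massage(dn, virtual, real):
    """Apply suffixmassage: replace the virtual suffix of dn with the real one."""
    if not dn_under(dn, virtual):
        return dn
    prefix = normalize_dn(dn)[: len(normalize_dn(dn)) - len(normalize_dn(virtual))]
    return prefix + normalize_dn(real)

# Targets as declared in the slapd.conf from the post (constructed table).
TARGETS = [
    {"name": "dir1", "host": "domain1.local",
     "virtual": "dc=proxy,dc=domain1,dc=local", "real": "dc=domain1,dc=local"},
    {"name": "dir2", "host": "cs-server.domain2.local",
     "virtual": "dc=proxy,dc=domain1,dc=local", "real": "dc=domain2,dc=local"},
]

def route(base_dn, targets=TARGETS):
    """Return {target name: rewritten base DN} for every candidate target."""
    return {t["name"]: massage(base_dn, t["virtual"], t["real"])
            for t in targets if dn_under(base_dn, t["virtual"])}

if __name__ == "__main__":
    base = "cn=cc-admin,cn=users,dc=proxy,dc=domain1,dc=local"
    for name, rewritten in route(base).items():
        print(f"{name}: search base forwarded as {rewritten}")
```

Because both targets declare the same virtual naming context, the search base from the ldapsearch above is forwarded to both directories, and the second one receives a DN under dc=domain2,dc=local.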