
I have configured OpenLDAP to act as a proxy server via the meta backend to do remote queries to two different companies' Active Directory servers. Everything works correctly in terms of pulling information from both domains. However, we have a case where two entries with the same sAMAccountName get pulled, and that causes issues for one of the web applications we are using. (The web application requires a single search base, which is why I am going with a meta solution.)

Here is my config:

database meta
suffix        "dc=example,dc=com"
rootdn        "cn=admin,dc=example,dc=com"
rootpw        "supers3cr3tpass"
conn-ttl      3600
access to * by * auth
sizelimit     1

# First target: company A's Active Directory
uri           "ldap://<companyA>/dc=example,dc=com"
readonly      yes
lastmod       off
suffixmassage "dc=example,dc=com" "dc=companyA,dc=com"
map attribute uid sAMAccountName
idassert-bind bindmethod=simple
              binddn="CN=UserA,DC=companyA,DC=corp"
              credentials="something"
idassert-authzFrom "*"
idle-timeout    300
keepalive       180:3:60
network-timeout 5
timeout         10

# Second target: company B's Active Directory
uri           "ldap://companyB/dc=example,dc=com"
readonly      yes
lastmod       off
suffixmassage "dc=example,dc=com" "dc=companyB,dc=com"
map attribute uid sAMAccountName
idassert-bind bindmethod=simple
              binddn="CN=UserB,DC=companyB,DC=com"
              credentials="dontknow"
idassert-authzFrom "*"
idle-timeout    300
keepalive       180:3:60
network-timeout 5
timeout         10

I know there is a sizelimit clause with which you can limit the search query, but it does not apply to the rootdn, which I am using to do the lookups/binds.

I am wondering...

  1. Is there a way to return only one result from the search query?
  2. Am I able to use another account that has the DN ending with dc=example,dc=com to do the bind and lookup? Theoretically, this should apply the sizelimit clause.

Any advice and answer is appreciated.

Thanks in advance!

Chris
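As an added illustration (not the poster's configuration or any OpenLDAP code), the following Python models what the posted suffixmassage and attribute map do to the results coming back from the two targets, and shows how a client can detect a login that resolves to more than one entry instead of keeping whichever entry the proxy returned first. The target DNs, OUs and sample accounts are constructed; only the suffix rewrite and the uid/sAMAccountName mapping come from the posted config.

```python
from collections import defaultdict

# Per-target rewrite taken from the posted config: each target's real suffix is
# massaged to the proxy suffix, and sAMAccountName is presented as uid.
SUFFIX_MASSAGE = {
    "dc=companya,dc=com": "dc=example,dc=com",
    "dc=companyb,dc=com": "dc=example,dc=com",
}
ATTR_MAP = {"sAMAccountName": "uid"}

def massage(dn, attrs):
    """Rewrite one remote entry the way back-meta presents it to the client."""
    dn_lower = dn.lower()
    for remote, local in SUFFIX_MASSAGE.items():
        if dn_lower.endswith(remote):
            dn = dn[: len(dn) - len(remote)] + local
            break
    return dn, {ATTR_MAP.get(k, k): v for k, v in attrs.items()}

def merge_targets(*target_results):
    """Concatenate massaged results in the order the targets answered."""
    return [massage(dn, a) for results in target_results for dn, a in results]

def find_collisions(entries, key="uid"):
    """Return login values that map to more than one DN after merging."""
    by_key = defaultdict(list)
    for dn, attrs in entries:
        by_key[attrs[key].lower()].append(dn)
    return {k: dns for k, dns in by_key.items() if len(dns) > 1}

def resolve_login(entries, login, key="uid"):
    """Map a login to exactly one DN; refuse ambiguous ones instead of
    silently using whichever entry came back first."""
    matches = [dn for dn, attrs in entries if attrs[key].lower() == login.lower()]
    if len(matches) != 1:
        raise LookupError(f"{login!r} matched {len(matches)} entries: {matches}")
    return matches[0]

# Constructed sample results, as each AD target might return them (assumed data).
COMPANY_A = [("CN=jsmith,OU=Users,DC=companyA,DC=com", {"sAMAccountName": "jsmith"})]
COMPANY_B = [("CN=jsmith,OU=Staff,DC=companyB,DC=com", {"sAMAccountName": "jsmith"}),
             ("CN=amiller,OU=Staff,DC=companyB,DC=com", {"sAMAccountName": "amiller"})]

if __name__ == "__main__":
    merged = merge_targets(COMPANY_A, COMPANY_B)
    print("collisions:", find_collisions(merged))
    print("amiller ->", resolve_login(merged, "amiller"))
```

Because both targets are massaged to the same suffix, the resulting DNs no longer reveal which company an entry came from, so a collision on the login attribute has to be caught on the attribute itself.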
