Automatic Translation to Search for Zone Users

If you integrate the Server Suite Agent with a software environment that has limited configuration options, a standard ldapsearch query might fail to return zone users and groups. If you encounter this issue, you can use a configuration parameter to automatically translate a standard search for Active Directory users and groups into a search query for zone users and groups.

You can set the ldapproxy.cdctranslate.fetchbydnuid parameter in the slapd.conf configuration file to true if you want a search for Active Directory users and groups to be automatically translated into a search for zone users and groups. The default is false. After changing the parameter setting, you should restart the centrify-ldapproxy service.

Note that the translation only applies if the ldapproxy.cdctranslate.fetchbydnuid parameter is set to true, and the following additional conditions are in the search request:

  • For the search base, the first part of the DN must be "uid=unixname"

  • The search scope base must be (0)

  • The search filter must be (objectClass=*)

For example, automatic translation is performed if you run a command similar to the following after changing the ldapproxy.cdctranslate.fetchbydnuid parameter to true and restarting the centrify-ldapproxy service:

ldapsearch -x -D "cn=zoe,OU=ajax,dc=acme,dc=org" -w 1234abcepassword
-h localhost "(objectClass=*)" -b "uid=zoe,OU=ajax,dc=acme,dc=org"
-s base