Automatic Translation to Search for Zone Users
If you integrate the Server Suite Agent with a software environment that has limited configuration options, a standard ldapsearch query might fail to return zone users and groups. If you encounter this issue, you can use a configuration parameter to automatically translate a standard search for Active Directory users and groups into a search query for zone users and groups.
You can set the ldapproxy.cdctranslate.fetchbydnuid parameter in the slapd.conf configuration file to true if you want a search for Active Directory users and groups to be automatically translated into a search for zone users and groups. The default is false. After changing the parameter setting, you should restart the centrify-ldapproxy service.
Note that the translation only applies if the ldapproxy.cdctranslate.fetchbydnuid parameter is set to true and the search request meets the following additional conditions:
- For the search base, the first part of the DN must be "uid=unixname"
- The search scope must be base (0)
- The search filter must be (objectClass=*)
For example, automatic translation is performed if you run a command similar to the following after changing the ldapproxy.cdctranslate.fetchbydnuid parameter to true and restarting the centrify-ldapproxy service:

    ldapsearch -x -D "cn=zoe,OU=ajax,dc=acme,dc=org" -w 1234abcepassword \
        -h localhost "(objectClass=*)" -b "uid=zoe,OU=ajax,dc=acme,dc=org" \
        -s base
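
When a search is not translated as expected, the conditions above can be checked before the request is sent. The following is an added example, not part of the product or its documentation: the function names fetchbydnuid_enabled and request_translates are hypothetical, the separator between the parameter name and its value in slapd.conf is an assumption, and values are compared literally as this page writes them.

```shell
#!/bin/sh
# Added example (not product code): pre-flight checks for automatic translation.

# fetchbydnuid_enabled CONF: succeed only if CONF sets the parameter to "true".
# Assumption: name and value are separated by whitespace, ":" or "=";
# the last uncommented occurrence wins; an absent parameter means the default, false.
fetchbydnuid_enabled() {
    [ -r "$1" ] || return 2
    value=$(awk -v key="ldapproxy.cdctranslate.fetchbydnuid" '
        { sub(/^[ \t]+/, "") }            # drop leading blanks
        index($0, key) == 1 {             # "#" comment lines never match
            rest = substr($0, length(key) + 1)
            if (rest ~ /^[ \t:=]/) {
                gsub(/^[ \t:=]+|[ \t\r]+$/, "", rest)
                v = rest
            }
        }
        END { print v }' "$1")
    [ "$value" = "true" ]
}

# request_translates BASE SCOPE FILTER: check the three documented conditions.
# Assumption: values are compared literally, exactly as the documentation writes them.
request_translates() {
    rc=0
    case $1 in
        uid=[!,]*) ;;                     # first RDN is uid=<unixname>
        *) echo "search base: first RDN is not uid=<unixname>: $1" >&2; rc=1 ;;
    esac
    [ "$2" = "base" ] || { echo "scope: must be base (0), got: $2" >&2; rc=1; }
    [ "$3" = "(objectClass=*)" ] || { echo "filter: must be (objectClass=*), got: $3" >&2; rc=1; }
    return $rc
}

# Values from the ldapsearch example above (-b, -s and the filter argument).
if request_translates "uid=zoe,OU=ajax,dc=acme,dc=org" base "(objectClass=*)"; then
    echo "request meets the conditions for translation"
fi
```

Pass the path of your slapd.conf to fetchbydnuid_enabled; a return status of 2 means the file could not be read.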