This may be a stupid question, but I’m trying to replicate a customer’s OpenLDAP configuration to test some authentication issues they are reporting with one of our applications. I haven’t worked with OpenLDAP before but have dealt with MS AD/LDAP a lot in the past. I can’t quite seem to get the last change to work.
This customer is using “o=My Organization,c=US” instead of “dc=myorganization,dc=com” for the authentication string format. Authentication works fine on the test server using the “dc=myorganization,dc=com” format, but how do I change it to use the organization name/country format instead? I can’t find a definitive answer online anywhere for OpenLDAP and I haven’t stumbled onto the answer messing around with the configuration utilities yet either.
The object to which you refer is known as the root suffix or suffix or sometimes prefix. The suffix must be supported by the directory server in order to successfully process requests using that suffix or a subordinate of the suffix – at least one of the suffixes supported by the server must be o=My Organization,c=US (most professional-quality servers support multiple suffixes and backends) and the data must be loaded into that backend.
If you have access to the data that uses the dc=... suffix, change all instances of the dc=... suffix to o=My Organization,c=US in a file. Create a backend in your OpenLDAP configuration that supports o=My Organization,c=US, and then import your file containing LDIF (that you changed) into that backend. The details of creating a new backend with the appropriate suffix are documented at the OpenLDAP website.
Alternatively, a directory proxy server could be used to transform the incoming requests.
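
The "change all instances of the dc=... suffix" step from the answer above, as an added example that is not part of the original answer: a plain search-and-replace misses DNs that LDIF has folded across lines or base64-encoded, so this sketch unfolds and decodes before rewriting. The function names and the sample entries are hypothetical and constructed for illustration.

```python
import base64
import re

OLD_SUFFIX = "dc=myorganization,dc=com"  # suffix of the existing test data
NEW_SUFFIX = "o=My Organization,c=US"    # suffix the customer uses

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def rewrite_suffix(ldif_text, old=OLD_SUFFIX, new=NEW_SUFFIX):
    """Replace `old` with `new` wherever a value ends in the old suffix."""
    rdns = [re.escape(p.strip()) for p in old.split(",")]
    # Whole-RDN match at the end of the value; case and spacing may vary.
    pattern = re.compile(r"(^|,)\s*" + r"\s*,\s*".join(rdns) + r"\s*$", re.I)
    out = []
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            out.append(line)          # comment, blank separator, or junk
            continue
        is_b64 = value.startswith(":")
        try:
            text = (base64.b64decode(value[1:]).decode("utf-8")
                    if is_b64 else value.lstrip(" "))
        except (ValueError, UnicodeDecodeError):
            out.append(line)          # binary value such as a photo
            continue
        new_text = pattern.sub(lambda m: m.group(1) + new, text)
        if new_text != text and is_b64:
            payload = base64.b64encode(new_text.encode("utf-8")).decode("ascii")
            line = f"{attr}:: {payload}"
        elif new_text != text:
            line = f"{attr}: {new_text}"
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample: folded DN, mixed-case suffix, base64 DN with non-ASCII.
_b64_dn = base64.b64encode("cn=Zoë,ou=People,dc=myorganization,dc=com".encode()).decode()
SAMPLE = ("dn: dc=myorganization,dc=com\no: My Organization\n\n"
          "dn: uid=alice,ou=People,DC=MyOrganization,\n dc=com\nuid: alice\n\n"
          f"dn:: {_b64_dn}\nmember: uid=alice,ou=People,dc=myorganization,dc=com\n")
```

After the rewrite, the root entry must also carry an o attribute whose value matches the new RDN (My Organization), otherwise the directory server will reject it when the file is imported into the new backend.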