OpenLDAP server as transparent proxy to Active Directory

The example slapd.conf file below configures slapd's ldap back end (back_ldap) to forward operations to an Active Directory (AD) domain controller, so that clients of the proxy see the AD tree under the proxy's suffix. AD refuses anonymous searches by default, so the back end has to bind to AD with valid credentials: the idassert-bind directive supplies the DN and password of a service account that slapd uses when binding to AD on behalf of its clients.

Two things to check before deploying this as written. The uri is ldap:// and idassert-bind has no starttls option, so the service account's simple-bind password and every proxied query cross the network in the clear; use ldaps:// or add starttls=yes to idassert-bind. The access directive grants "by * read", which places no restriction on who may search through the proxy; if the proxy should not be reachable anonymously, require a bind (for example "by users read" followed by "by * auth"). The service account password is also stored in cleartext in slapd.conf, so the file must be readable only by the user slapd runs as.

#==============================================================================
# ===============================================
# slapd.conf - configuration file for LDAP server
# ++ Transparent proxy to Active Directory server
# ===============================================

moduleload              back_ldap

include                 /etc/openldap/schema/core.schema
include                 /etc/openldap/schema/cosine.schema
include                 /etc/openldap/schema/nis.schema
include                 /etc/openldap/schema/inetorgperson.schema

pidfile                 /var/run/openldap/slapd.pid
argsfile                /var/run/openldap/slapd.args

sizelimit               unlimited

idletimeout             3600
writetimeout            600

# The whole AD domain is served under this suffix; operations are
# forwarded to the URI below.
database                ldap
suffix                  "dc=ad,dc=unsw,dc=edu,dc=au"
uri                     "ldap://ad.unsw.edu.au"

# AD returns referrals for its other naming contexts; do not chase them.
chase-referrals         no

# Service account slapd binds to AD with on behalf of its clients
# (AD refuses anonymous searches). Simple bind over plain ldap:// sends
# this password in the clear; add starttls=yes or use ldaps:// above.
idassert-bind           bindmethod=simple
                        mode=self
                        binddn="CN=ACCOUNT,DC=ad,DC=unsw,DC=edu,DC=au"
                        credentials="PASSWORD"

# Any identity authenticated at the proxy may be asserted to AD.
idassert-authzFrom      "dn.regex:.*"

# No restriction on proxy clients; tighten to "by users read" plus
# "by * auth" if anonymous access to the proxy is not intended.
access                  to *
                        by * read

#==============================================================================
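As an added check, not part of the original page or of OpenLDAP, the Python below parses slapd.conf syntax (comment lines, whitespace-continued directives, quoted values) and lints a back_ldap stanza for the weak settings discussed above: a simple bind over plain ldap:// without StartTLS, an ACL that lets anyone search through the proxy, a cleartext password in the file, and an unrestricted idassert-authzFrom. The finding codes, the severities, the sample input (the proxy stanza from this page) and the hardened variant are constructed for this example.

```python
"""Offline lint of a back_ldap proxy stanza in slapd.conf.

Added example, not from the original page or from OpenLDAP: the parser
follows slapd.conf(5) rules, the finding codes and the hardened config are
this example's own assumptions.
"""
import shlex

# slapd ACL levels from "compare" upwards let a client learn entry data.
DATA_LEVELS = {"compare", "search", "read", "write", "manage"}


def parse_slapd_conf(text):
    """Return [(directive, [args])].  '#' lines are comments, a line that
    starts with whitespace continues the previous directive, and quoted
    values are unquoted, as in slapd.conf(5)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    out = []
    for line in logical:
        parts = shlex.split(line)
        out.append((parts[0].lower(), parts[1:]))
    return out


def keyvals(args):
    """Split the key=value sub-options used by idassert-bind."""
    return {k.lower(): v for k, _, v in (a.partition("=") for a in args)}


def lint_proxy(text):
    """Return a list of (severity, code, message) for one back_ldap database."""
    findings = []
    uris, bind, tls_start, access_seen = [], {}, False, False
    world_readable, broad_authz = False, False
    for name, args in parse_slapd_conf(text):
        if name == "uri":
            uris += " ".join(args).split()          # uri may list several URIs
        elif name == "idassert-bind":
            bind = keyvals(args)
        elif name == "tls" and args[:1] == ["start"]:
            tls_start = True                         # back_ldap "tls start"
        elif name == "idassert-authzfrom" and args[:1] in (["dn.regex:.*"], ["*"]):
            broad_authz = True
        elif name == "access":
            access_seen = True
            for i, tok in enumerate(args):           # access to <what> by <who> <level> ...
                if tok == "by" and i + 2 < len(args):
                    who, level = args[i + 1], args[i + 2]
                    if who in ("*", "anonymous") and level in DATA_LEVELS:
                        world_readable = True
    if not access_seen:                              # slapd's default ACL is "by * read"
        world_readable = True
    plaintext = any(u.startswith("ldap://") for u in uris)
    starttls = tls_start or bind.get("starttls", "no") in ("yes", "critical")
    if bind.get("bindmethod") == "simple" and plaintext and not starttls:
        findings.append(("error", "cleartext-bind",
                         "service-account password and proxied traffic cross the "
                         "network unencrypted; use ldaps:// or starttls=yes"))
    if bind and world_readable:
        findings.append(("error", "anonymous-passthrough",
                         "ACL places no restriction on proxy clients; require a "
                         "bind (by users read, by * auth)"))
    if "credentials" in bind:
        findings.append(("info", "cleartext-credentials",
                         "password is stored in slapd.conf; keep the file 0600 "
                         "and owned by the slapd user"))
    if broad_authz:
        findings.append(("info", "broad-authzfrom",
                         "any locally authenticated DN may be asserted to AD"))
    return findings


def codes(text):
    """Just the finding codes, in report order."""
    return [code for _, code, _ in lint_proxy(text)]


# Constructed input: the proxy stanza from the page, with its weak settings.
WEAK = """\
database        ldap
suffix          "dc=ad,dc=unsw,dc=edu,dc=au"
uri             "ldap://ad.unsw.edu.au"
chase-referrals no
idassert-bind   bindmethod=simple
                mode=self
                binddn="CN=ACCOUNT,DC=ad,DC=unsw,DC=edu,DC=au"
                credentials="PASSWORD"
idassert-authzFrom "dn.regex:.*"
access          to *
                by * read
"""

# Constructed hardened variant: TLS to AD and a bind required of proxy clients.
HARDENED = WEAK.replace('"ldap://', '"ldaps://').replace(
    "by * read", "by users read\n                by * auth")

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for sev, code, msg in lint_proxy(conf):
            print(f"  [{sev}] {code}: {msg}")
```

Run directly, the weak stanza reports both errors and both informational findings; the hardened variant keeps only the two informational ones, since a simple bind necessarily leaves a password in the file and the broad authzFrom is this proxy's intent. The access check is deliberately crude (it looks only at "by * <level>" and "by anonymous <level>" clauses), so treat it as a first pass over a configuration, not a replacement for reading the ACLs.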