Instead, the AD Global Catalog (port 3268) can be used; this somehow helped. search_base must be empty.
The resulting map file looks like this:

server_host = 10.100.5.1:3268
search_base =
bind = yes
bind_dn = CN=mailgw,OU=SYS,DC=XXXX,DC=lan
bind_pw = password
scope = sub
result_attribute = mail
result_format = %s OK
query_filter = (&(objectClass=person)(mail=%s))
version = 3

On Thu, Mar 31, 2011 at 8:30 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:

> On Thu, Mar 31, 2011 at 08:26:17PM +0300, vadim korsak wrote:
>
> > > result_format = %s OK
> > is OK, this is checked in other places
> >
> > >You need to use a search base that will not trigger a referral, or
> > >use the right LDAP server. Alternatively, the LDAP server may need
> > >to be configured to grant additional access to your "mailgw" id.
> >
> > why do you think this is an access problem?
>
> Because you are getting a referral, it can be either because the search
> base is wrong, or perhaps because access is restricted. Don't expect
> referrals to work, if the referral is to a different LDAP source or
> if referrals require application logic (are not handled transparently
> in the OpenLDAP library).
>
> --
> Viktor.
>