Simon Maier wrote:
I have a tricky Question, at least I think it ist. At the computing center of our university we use a groupware (openxchange). This gropware needs a LDAP server with write access. For this reason it can't be integrated into the centralised LDAP of the university. Still it's the idea, that the users are authenticated against the central password store. The problem is the passwords should not be synchronised with the centralised database/LDAP-server for security reasons. For the same reasons the use of the ldap backend
How is the naming defined in the directories? If name spaces are distinct I'd use back-ldap to search user entries during authentication and use the DNs of the central LDAP directory in the access control of the Groupware directory (e.g. directly in ACLs or in group entries).
Ciao, Michael.