Hi,
Or Goshen wrote:
Hello
I have the following situation and would like to know your opinion on the matter:
I have 2 slapd servers A and B, both require simple authentication and are not open for anonymous access. What I would like to do is set up a node on A that would reference the root of B and would allow me to perform read/write to it.
I tried so far:
- Set up a "referral" objectClass on A in the following manner:

dn: dc=B,ou=Subservers,dc=example,dc=com
dc: B
objectClass: referral
objectClass: extensibleObject
ref: ldap://B/dc=example,dc=com

That didn't work since B requires authentication. So I tried this:

dn: dc=B,ou=Subservers,dc=example,dc=com
dc: B
objectClass: referral
objectClass: extensibleObject
ref: ldap://??B??!bindname=cn=Manager%2cdc=example%2cdc=com/dc=example,dc=com

Didn't work either (authentication extension not supported?).
- slapd apparently supports an "ldap" backend/database. Problem is that there is no real documentation here http://www.openldap.org/doc/admin24/slapdconf2.html or here http://www.openldap.org/doc/admin24/slapdconfig.html on how to set them up. Anybody ever set up such a database/backend? Does it support authentication? Any examples I can take a look at?
You'll find information about the ldap backend in the FAQ: http://www.openldap.org/faq/data/cache/532.html
I have used them quite a few times, either back-ldap or back-meta. They both support authentication.
I don't want to replicate B on A, I just want to act as a proxy.
Proxy is definitely the way to go, using rewrite to integrate your B server in A's tree (see man slapo-rwm).
Regards, Jonathan
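
The proxy approach suggested above, written out as a slapd.conf fragment for server A using back-ldap and the rwm overlay. This is an added example, not part of the original thread: the proxy account cn=proxy,dc=example,dc=com and its password are placeholders, and mode=none is an assumed choice so that B needs no proxyAuthz configuration.

```conf
# Constructed slapd.conf fragment for server A (slapd.conf style).
# Host "B" and the two suffixes come from the thread; the proxy bind DN
# and password below are placeholders, not values from the thread.

# This block must appear BEFORE the database that serves
# dc=example,dc=com on A, because its suffix lies inside that one.
database        ldap
suffix          "dc=B,ou=Subservers,dc=example,dc=com"
# Glue this subtree under A's main database so subtree searches reach it.
subordinate
uri             "ldap://B/"

# B refuses anonymous access, so the proxy authenticates with its own
# account. mode=none: no proxyAuthz control is sent, operations on B
# run as binddn.
idassert-bind   bindmethod=simple
                binddn="cn=proxy,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=none

# Only identities that authenticated under A's own tree may use the
# asserted identity; anything else is not allowed to ride on it.
idassert-authzFrom "dn.subtree:dc=example,dc=com"

# Rewrite DNs between A's view of the subtree and B's real root
# (see slapo-rwm(5)).
overlay         rwm
rwm-suffixmassage "dc=B,ou=Subservers,dc=example,dc=com" "dc=example,dc=com"
```

With mode=none, every local identity matched by idassert-authzFrom acts on B with the rights of the proxy account, so that account should hold only the access the proxy needs on B rather than being cn=Manager. The file stores the bind password in clear text and should be readable only by the slapd user.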