Hi everyone,
I'm stopped with technical stuff tryin' to deploy a specific backend meta.
(see here : http://www.openldap.org/lists/openldap-software/200701/msg00190.html
and here : http://www.openldap.org/lists/openldap-software/200701/msg00272.html )
So I will try to explain what I want, and maybe what I'm tryin' to do is not the best way :)
The background :
1) there is a general openldap directory existing D1, on which I just have a system account to read its data --> no anonymous bind permitted to access the data, I need to call ldapsearch this way to retrieve any results :
ldapsearch -x -D "cn=toto,ou=system,dc=univ-paris7,dc=fr" -w xxxx -H ldaps://ldap.univ-paris.fr -b "ou=people,dc=univ-paris7,dc=fr" cn mail -LLL
2) the fact is that I need authentication data on people who are not in that directory D1, so I have to build my own ldap directory D2; and I don't want any data redundancy between D1 and D2 --> D1 (union) D2 = empty set
3) to have a unique way to get authentication in Apache for example, in order that people from D1 AND D2 can access, I've been thinkin' that the best solution was to deploy an openldap meta backend D3 that would transmit the authentication requests both to D1 and D2. --> D1 and D2 are D3's targets.
Is this the simplest way? Are there any solutions to implement that?
The technical stuff
See the previous posts to see what stops me. Directories with anonymous binds don't have any problems being targeted, but as soon as authentication is needed, access is refused whenever I give a dn to authenticate ...
Thanks,