Andrew Findlay andrew.findlay@skills-1st.co.uk writes:
On Wed, May 14, 2008 at 10:49:02AM +0200, Dieter Kluenter wrote:
Just to make sure, there are two directories, one that provides information on authentication and authorization, the second directory provides some additional iformation. If that is your request, than you may have a look at the translucent overlay.
That would depend on whether the two servers had identical namespaces (tree layout, choice of RDN etc).
I have a similar requirement at the moment except that I only want to use the second LDAP server to authenticate for a small proportion of the entries in the first one. The namespaces are very different. I think it can be done with a combination of rwm, back-ldap/back-meta and slapd-relay, but this seems rather complex when all I really need is 'pass-through authentication'.
I will report back to the list if I come up with a workable solution, but in the mean time does anyone have any pointers to a neat way of doing this?
I have done similar with back-sql
database sql suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" ...
database relay suffix "ou=sql-user,o=avci,c=de" relay dc=example,dc=com overlay rwm rwm-rewriteEngine on rwm-rewriteMap <rules> subordinate
database hdb suffix "o=avci,c=de" rootdn "cn=admin,o=avci,c=de" ...
-Dieter