Hi everyone,

consider the following setup:

* A central accounts OpenLDAP directory, where user credentials are stored, among others.

* An LDAP enabled service using a separate OpenLDAP directory containing service related attributes for a subject of the user objects contained in the central directory.

Is it possible to configure my servers so that users connecting to the service directory can authenticate using the credentials stored in the central directory, while the proccess stays transparent for the end user?

I know that this may be achieved by replicating user credentials to the service directory, but it would be prefered if it was done without replication.

So, is there any way doing it, either using some overlay or some means of proxy authentication?