Hi. I’m new to this list, but risk diving right in with a question:


I am wondering whether the following scenario is possible to implement using OpenLDAP:


We are a sub-organization within a larger organization and want to perform authentication against the central LDAP server, yet augment query results with attributes from the DIT of our own LDAP server. In effect, this would provide a virtual DIT that hides from the applications using it the details of which attributes come from where.


It is not just a matter of delegation, more of a selective merge of the attributes available in the 2 DITs. An example:


Central DIT:
            cn: someone
            userPassword: something
            mail: someone@somewhere.org
            irrelevantAttribute: whatever

Our DIT:
            uid: someone
            inProjects: someProject, someOtherProject

Virtual DIT (auth'ed against Central DIT):
            uid: someone
            mail: someone@somewhere.org
            inProjects: someProject, someOtherProject


Commercial products such as the Symlabs Directory Extender promise such capabilities, but I'd like to stick with an open solution if at all possible. I guess it might possibly be implemented in a custom back_perl handler, but is it possible to achieve using e.g. back_meta or some other "native" OpenLDAP configuration?


Thanks in advance,

   /\/\\ads Troest
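A native OpenLDAP configuration that matches this scenario, added here as an example (it is not part of the original post, nor a reply from the list): a local database stacked with the slapo-translucent overlay, which answers searches from the central server and merges in attributes held in the local DIT, while binds are forwarded to the central server. It assumes OpenLDAP 2.3 or later (where slapo-translucent appeared), the suffix dc=example,dc=org, the host central.example.org, a locally defined inProjects attribute, and that an entry has the same DN on both servers.

```conf
# slapd.conf fragment (added example; suffix, host, paths and the
# inProjects attribute are assumptions, not values from the post).

# Local database: holds only our own attributes, e.g.
#   dn: uid=someone,ou=people,dc=example,dc=org
#   inProjects: someProject
#   inProjects: someOtherProject
# The DN must be identical to the entry's DN on the central server;
# the overlay merges local and remote entries that share a DN.
# inProjects must be defined in this server's schema (not shown).
database        mdb
suffix          "dc=example,dc=org"
rootdn          "cn=admin,dc=example,dc=org"
directory       /var/lib/ldap/translucent
# Remote entries carry their own operational attributes.
lastmod         off

overlay         translucent
# Only inProjects is looked up in the local DIT; every other
# attribute (cn, mail, ...) is answered by the central server.
translucent_local       inProjects
# translucent_bind_local is deliberately NOT set: simple binds are
# passed through to the central server, so no password material
# is ever copied into, or verified by, this proxy.

# Remote side: back-ldap directives consumed by the overlay.
uri             ldap://central.example.org/
# Upgrade the proxy-to-central connection with StartTLS so
# forwarded bind credentials do not cross the network in clear.
tls             start

# Attribute filtering is done with ordinary ACLs on the merged
# result, which is how the virtual DIT drops irrelevantAttribute
# and never exposes the central userPassword to applications.
access to attrs=irrelevantAttribute,userPassword
        by * none
access to *
        by * read
```

Entries are matched by DN only, so the cn-vs-uid naming difference in the post's example would need identically named entries on both servers (DN rewriting is not covered here), and the ACL block only restricts what this proxy returns, not what the central server itself exposes to direct clients.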