Hello All,
I have a requirement for a new infrastructure we are building.
Our organization has an AD holding all employees' accounts. I maintain a separate OpenLDAP server with other users that are not employees. Both the groups (employees and non-employees) need access to a group of Linux/Windows/Solaris/Mac servers.
I want the employees to authenticate against AD and non-employees to authenticate against OpenLDAP server. Also all the Unix-related attributes for employees and all attributes for non-employees must come from OpenLDAP server.
I think this should be achievable by some combination of referral and the OpenLDAP directory design. I just can't seem to get the right idea, though. Any suggestions/pointers?
TIA, Prakash
At 06:41 PM 1/12/2007, Prakash Velayutham wrote:
> I think this should be achievable by some combination of referral and the OpenLDAP directory design. I just can't seem to get the right idea, though. Any suggestions/pointers?
Assuming the client has no mechanism to determine which server to use, I suggest you configure them to authenticate against the openldap server and configure the openldap server to chain requests for the context(s) held by the remote server to the remote servers.
-- Kurt
openldap-software@openldap.org
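One way to set up the arrangement suggested in the reply, as an added example that is not part of the original thread: a slapd.conf fragment in which the AD naming context is attached under the local suffix through back-ldap, so clients talk only to the OpenLDAP server and binds for employee DNs are passed on to AD. All host names, suffixes and file paths are assumptions, and it presumes the AD context sits below the local suffix in the DN tree.

```conf
# slapd.conf fragment (constructed example; every name and path is a placeholder)
moduleload  back_ldap

# --- Employees: context held by AD, reached through back-ldap ---
# A subordinate database must be declared before its superior.
database        ldap
suffix          "dc=corp,dc=example,dc=org"
subordinate
uri             "ldaps://ad.example.org"
# Client passwords are relayed in simple binds, so the hop to AD must be
# encrypted and the AD certificate verified.
tls             ldaps tls_reqcert=demand tls_cacert=/etc/openldap/certs/ad-ca.pem
# Reuse the client's own credentials when the proxy has to reconnect.
rebind-as-user  yes
# Do not follow referrals handed back by AD to servers outside this config.
chase-referrals no

# --- Non-employees (and any locally kept entries): held by this server ---
database        mdb
suffix          "dc=example,dc=org"
directory       /var/lib/ldap
rootdn          "cn=admin,dc=example,dc=org"
```

With this layout a bind or search for a DN under `dc=corp,dc=example,dc=org` is forwarded to AD, while everything else under `dc=example,dc=org` is answered from the local database.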