Hello,
I have a tricky problem to solve. We are working with OpenLDAP 2.2.30. To improve end-user comfort we would like to configure a special behaviour of our LDAP.
The authentication request which our LDAP gets should first be forwarded to another LDAP server (primary LDAP). Only if the authentication failed on the primary LDAP server should our LDAP try to authenticate by itself.
Background: The primary LDAP server is very inflexible. We can only use it for user authentication. For authorization we have to use our good old own LDAP ;-)
Does anyone have a clue how I have to configure our OpenLDAP?
Every hint is welcome.
Thanks in advance,
Klaus
ems@sparkassen-informatik.de wrote:
> I have a tricky problem to solve. We are working with OpenLDAP 2.2.30.
You should definitely upgrade your OpenLDAP installation since the status of 2.2.x is historic. Which means there are no (security) updates anymore. Nada!
> The authentication request which our LDAP gets should first be forwarded to another LDAP server (primary LDAP). Only if the authentication failed on the primary LDAP server should our LDAP try to authenticate by itself.
This can be achieved with back-meta/back-ldap. Depending on your name space (uid, DNs) and the search behaviour of your LDAP clients the setup is simple or a little bit more tricky. Again: for this to be successful you should deploy a recent version of OpenLDAP since there have been many changes and fixes also to back-ldap/back-meta/slapo-rwm.
Ciao, Michael.
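The following slapd.conf fragment is an added example illustrating the back-ldap plus slapo-rwm layout Michael refers to; it is not configuration from this thread or from the OpenLDAP project. All hostnames, suffixes, paths and the password hash are assumed placeholders, and it requires a recent OpenLDAP release with back-ldap and the rwm overlay built as modules.

```conf
# Added example (not from the thread). Assumed layout:
#   primary server: ldap://primary.example.com, users under ou=users,o=primary
#   local server:   users proxied as ou=people,dc=corp,dc=example,
#                   authorization data kept under dc=local,dc=example
include         /etc/openldap/schema/core.schema
modulepath      /usr/lib/openldap
moduleload      back_ldap.la
moduleload      rwm.la

# Database 1: proxy the primary server's user branch under a local suffix.
# Binds and searches whose DN lies under ou=people,dc=corp,dc=example are
# forwarded to the primary server; this database stores nothing itself.
database        ldap
suffix          "ou=people,dc=corp,dc=example"
uri             "ldap://primary.example.com/"
# Forward the client's own credentials instead of a proxy identity,
# so the primary server decides whether the user's password is valid.
rebind-as-user  yes
# Map the local virtual suffix onto the primary server's real naming context.
overlay         rwm
rwm-suffixmassage "ou=people,dc=corp,dc=example" "ou=users,o=primary"

# Database 2: the local directory used for authorization (groups, roles).
# Use hdb or mdb instead of bdb on newer releases.
database        bdb
suffix          "dc=local,dc=example"
rootdn          "cn=admin,dc=local,dc=example"
# Placeholder: generate a real value with slappasswd.
rootpw          {SSHA}PLACEHOLDER-HASH
directory       /var/lib/ldap/local
index           objectClass,uid eq
# Passwords are never readable, only usable for binds.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
```

Note what this does and does not give you: slapd routes a bind by the suffix of the bind DN, so a DN under ou=people,dc=corp,dc=example is checked by the primary server and a DN under dc=local,dc=example is checked locally. The "try the primary first, then fall back to our own directory" ordering for one and the same DN is not produced by back-ldap alone; if both servers must answer under a single shared suffix, that is the "a little bit more tricky" case with back-meta and the client search behaviour Michael mentions. Validate the file with `slaptest -f slapd.conf` before starting slapd, and check each path with `ldapwhoami -x -D <dn> -W` against your proxy, once with a DN under the proxied branch and once with a local DN.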
openldap-software@openldap.org