On 30/06/2010 12:14, Tunguskin Petr wrote:
Hello.
I have one program which can authenticate with an LDAP server and Active Directory with read access. I need to authenticate extra users, but I can't add them to Active Directory for security reasons. The program can work with only one LDAP source.
I have tried to use the openldap chain overlay to join local and remote LDAP databases with referrals. Search works fine, but the bind operation doesn't work; openldap writes the error: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
Is it possible to bind to remote LDAP records with chain overlay?
    database bdb
    suffix "dc=local"
    rootdn "cn=ldapadmin,dc=local"
    rootpw 12345678
    directory /var/lib/ldap

    overlay chain
    chain-uri "ldap://10.1.1.1/"
    chain-rebind-as-user TRUE
    chain-cache-uri true
    chain-chaining resolve=chainingRequired continuation=chainingRequired
    chain-idassert-bind bindmethod="simple" binddn="cn=ldapuser,cn=Users,dc=test,dc=local" credentials="123" mode="none"
Could you recommend another solution?
Yes, using a proxy with multiple backends. See slapd-meta(5), and this recent question on this list:
http://www.openldap.org/lists/openldap-technical/201006/msg00225.html
Regards, Jonathan
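One way to build the slapd-meta proxy Jonathan refers to, written here as an added example rather than taken from either message or from the OpenLDAP documentation. It assumes the local slapd listens on 127.0.0.1 with suffix dc=local, reuses the AD URI and service-account DN from Petr's chain configuration, and uses dc=proxy with its two branches as placeholder virtual names.

```conf
# Added example (not from the thread): one slapd-meta database that presents
# the local directory and the AD domain as a single tree, so the application
# keeps its single LDAP source but can bind as users from either side.
# Assumed: local slapd on 127.0.0.1 holding dc=local; AD at ldap://10.1.1.1/
# with naming context dc=test,dc=local; dc=proxy branches are placeholders.
database        meta
suffix          "dc=proxy"

# Target 1: the local directory, exposed to clients under dc=people,dc=proxy.
# suffixmassage rewrites only the suffix, so
#   uid=alice,ou=staff,dc=people,dc=proxy  ->  uid=alice,ou=staff,dc=local
uri             "ldap://127.0.0.1/dc=people,dc=proxy"
suffixmassage   "dc=people,dc=proxy" "dc=local"

# Target 2: Active Directory, exposed to clients under dc=ad,dc=proxy.
#   cn=joe,cn=Users,dc=ad,dc=proxy  ->  cn=joe,cn=Users,dc=test,dc=local
# A bind on the virtual DN is forwarded to this target with the massaged DN
# and the client's own password, which is what the chain overlay did not do.
uri             "ldap://10.1.1.1/dc=ad,dc=proxy"
suffixmassage   "dc=ad,dc=proxy" "dc=test,dc=local"
# AD refuses anonymous searches, so the user lookup that precedes the bind
# runs as a read-only service account. mode=none sends no proxyAuthz
# control (AD would not honour one); the account only needs read rights.
# The password is a placeholder: keep this file readable by slapd only, and
# in production reach AD over ldaps:// or StartTLS rather than plain ldap://.
idassert-bind   bindmethod=simple binddn="cn=ldapuser,cn=Users,dc=test,dc=local" credentials="PLACEHOLDER-service-account-password" mode=none

# Remember the client's bind credentials so a dropped connection to either
# target is re-established as that user rather than as the proxy itself.
rebind-as-user  yes
```

The application is then pointed at the proxy with base dc=proxy; a user from either directory is found by a subtree search and authenticated by binding on the virtual DN the search returned.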