Is it possible to do this WITHOUT having a local user database on the OpenLDAP proxy?  We will have thousands of users that will need to authenticate, and I can't maintain another user database (adds, removes, etc..).  Is there a way to make OpenLDAP just act more like a reverse proxy and forward anything that matches a specific domain on to the internal LDAP/AD server for password verification?