Re: Redirect bind requests to another server
Dieter Kluenter wrote:
Andreas Moroder<andreas.moroder(a)sb-brixen.it> writes:
> Hello,
>
> we have a web application that autenticates via openldap. Now a second
> hospital should use this same application, but they have their own
> autentication server, active directory in this case.
>
> In our network the users authenticate giving their username ( amoroder
> in my case ) and password. Is it possible to configure openldap to
> redirect the bind request to the remote server when the username
> contains an extension like jsmith@remote ? Does this work with AD as
> second/remote authentication server ?
What you are requesting is some sort of X.500 DAP services plus the
service of a virtual directory. This could partly be achieved with
OpenLDAP,
It can be entirely achieved with OpenLDAP. Using the rewrite overlay to map
usernames, you can then relay the requests to either a local DB or back-ldap.
it would be easier to put a virtual directory in front of
OpenLDAP and AD and have all users to authenticate against the virtual
directory[1].
OpenLDAP is already capable of acting as a virtual directory....
-Dieter
Footnotes:
[1] http://penrose.safehaus.org/Home
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/