Dieter Kluenter wrote:
Andreas Moroder<andreas.moroder(a)sb-brixen.it> writes:
> we have a web application that autenticates via openldap. Now a second
> hospital should use this same application, but they have their own
> autentication server, active directory in this case.
> In our network the users authenticate giving their username ( amoroder
> in my case ) and password. Is it possible to configure openldap to
> redirect the bind request to the remote server when the username
> contains an extension like jsmith@remote ? Does this work with AD as
> second/remote authentication server ?
What you are requesting is some sort of X.500 DAP services plus the
service of a virtual directory. This could partly be achieved with
It can be entirely achieved with OpenLDAP. Using the rewrite overlay to map
usernames, you can then relay the requests to either a local DB or back-ldap.
it would be easier to put a virtual directory in front of
OpenLDAP and AD and have all users to authenticate against the virtual
OpenLDAP is already capable of acting as a virtual directory....
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/