On Fri, Apr 19, 2013 at 09:49:36AM +0000, Šerých Jakub wrote:
> I manage the school network in which we have two separate MS-AD servers (one for teachers and the other for students). We also have a MySQL database of our alumni. I would like to connect these three information bases to one "virtual" LDAP server (for authentication purposes on various LAMP web servers etc.).
> Is it possible to configure such a virtual or proxy server using OpenLDAP? And if yes, could anybody be so kind and redirect me to some how-to resources?
That should be possible. You need to decide how you want the three data sources to show up in the LDAP tree presented to the client systems, and you need to consider what happens if the same username (uid in LDAP terms) appears in more than one data-source.
I would start by building a simple LDAP proxy in front of one AD and getting that working first (use the LDAP backend or the META backend). Then try putting an rwm overlay on it and changing the name mapping.
Once those are working, try a simple SQL backend in isolation.
Finally, join all three together in the same server using the relay overlay.
Documentation is here:
http://www.openldap.org/doc/admin24/
Look in the Backends and Overlays sections in particular. You will also need to search Google and the Faq-O-Matic for examples as some of the documentation is a bit thin.
http://www.openldap.org/faq/data/cache/1.html
Some things are better explained in the manpages than in the Admin Guide.
Andrew
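
An added illustration of the first two steps in the reply above (LDAP backend in front of the AD servers, then an rwm overlay for name mapping); it is not part of the original message and does not cover the SQL backend or the final join. All hostnames, DNs and file paths are constructed placeholders, and it assumes slapd.conf-style configuration on OpenLDAP 2.4.

```conf
# slapd.conf fragment (added example; placeholders throughout).
# moduleload lines are only needed when the backends/overlays are built as modules.
moduleload  back_ldap
moduleload  rwm

# --- Teachers AD -----------------------------------------------------------
database    ldap
# Virtual subtree shown to the LAMP clients. Giving each source its own
# subtree keeps an identical uid in two sources at two distinct DNs.
suffix      "ou=teachers,dc=school,dc=example"
uri         "ldaps://ad-teachers.school.example/"
# Simple-bind passwords are forwarded to AD, so require a verified TLS peer.
tls         ldaps tls_cacert=/etc/openldap/certs/school-ca.pem tls_reqcert=demand
# Do not follow referrals handed back by AD to other servers.
chase-referrals no

overlay     rwm
# rwm-suffixmassage <virtual naming context> <real naming context>
rwm-suffixmassage "ou=teachers,dc=school,dc=example" "dc=teachers,dc=ad,dc=example"
# rwm-map attribute <local name> <foreign name>: clients search on uid,
# AD is queried on sAMAccountName.
rwm-map     attribute   uid            sAMAccountName
rwm-map     objectclass inetOrgPerson  user

# The proxy applies its own ACLs to what AD returns: anonymous clients may
# only bind, authenticated clients may read.
access to *
    by anonymous auth
    by users read

# --- Students AD (same pattern, different subtree and server) ---------------
database    ldap
suffix      "ou=students,dc=school,dc=example"
uri         "ldaps://ad-students.school.example/"
tls         ldaps tls_cacert=/etc/openldap/certs/school-ca.pem tls_reqcert=demand
chase-referrals no

overlay     rwm
rwm-suffixmassage "ou=students,dc=school,dc=example" "dc=students,dc=ad,dc=example"
rwm-map     attribute   uid            sAMAccountName
rwm-map     objectclass inetOrgPerson  user

access to *
    by anonymous auth
    by users read
```

Check the file with slaptest before starting slapd; the directives are described in the slapd-ldap(5) and slapo-rwm(5) manpages.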