I tried to set up a single AD + local version with meta.
meta -> domain, com
ad, domain, com -> AD
ldap, domain, com -> localhost configured with hdb
It doesn't seem to work though :/
On Mon, Jun 28, 2010 at 1:05 AM, Gidobo 69 <gidobo69(a)gmail.com> wrote:
I plan to set up a meta directory. It looks like a normal one according to
the openldap descriptions so I was surprised that I was unable to find any
howto/faq/forum entry/mailing about it.
Let me describe it:
I have a heterogeneous system and want to have a common ldap system for it.
Here is what I have now:
Two AD domains
An openldap db for a software with internal users.
- To be able to authenticate a domain user from either AD.
- To have non-AD users as well.
- To have non-AD attributes for all three.
So for authentication:
If user is an AD user -> authenticate from appropriate DC
If user is a non-AD one -> authenticate from openldap
If I want non-AD attribute added to AD users as well.
If an attribute doesn't exist for an AD user in openldap ask the
This way I could use AD users and their groups through openldap, have
independent non-AD users and have attributes for all users in openldap local
db regardless of authentication source.
Have I missed something and this is too 'exotic'?
-> AD1 users, authenticates from DC1
-> AD2 users, authenticates from DC2
-> 'other' users, authenticates from openldap local db
Attributes mapped. If user is an AD one and attribute doesn't exist in
local DB, proxy the query to AD.
Thanks in advance