Hello,
We would like to setup a kind of replica. We don't want to replicate some attributes like userpassword, lmpassword, ntpassword. How can we configure the replica to proxy the authentication somewhere else. Is there a way to do that via an overlay or something else?
Thanks
Dom
On 10/11/11 16:03 +0100, LALOT Dominique wrote:
Hello,
We would like to setup a kind of replica. We don't want to replicate some attributes like userpassword, lmpassword, ntpassword. How can we configure the replica to proxy the authentication somewhere else. Is there a way to do that via an overlay or something else?
back-ldap may be a solution, assuming that you don't have any locally stored data.
You could utilize pass-through authentication to delegate authentication to a remote ldap server via saslauthd, Courier authdaemon, or possibly auxprop/ldapdb. However, pass-through authentication won't give you lmpassword or ntpassword.
LALOT Dominique wrote:
Hello,
We would like to setup a kind of replica. We don't want to replicate some attributes like userpassword, lmpassword, ntpassword. How can we configure the replica to proxy the authentication somewhere else. Is there a way to do that via an overlay or something else?
The pbind (ProxyBind) overlay will proxy Simple Binds to another LDAP server. See slapo-pbind(5).
openldap-technical@openldap.org