remote authentication



So, I've searched archives, FAQs, etc. and haven't found anything about
this.  I want to know if it is possible to bind (with a password) to one
LDAP server as a DN that is not in that server's database:

I have a database w/ suffix 'o=College1,c=US' and a second w/ suffix
'o=College2,c=US'.  Then, in College1's database, I have a DN
'cn=web500-college2,o=College1,c=US' and it has a userpassword attribute
associated with it.  In College2's slapd.conf file, I have an ACL that
says

access to dn=".*o=College2,c=US$"
  by dn="^web500-college2,o=College1,c=US$" read

I also have a reference to College2 in College1's database.  So, when I
search College1 (specifically via web500gw, but it does the same thing
regardless of which client I use) it searches both colleges.  However, it
won't return anything from College2's database (the ACL above is the only 
one that I am using for College2, except for defaultaccess none and 
access to attr=userpassword
  by self write
  by * none).

Since web500-college2 doesn't exist in College2's database, it seems to
make sense that I wouldn't be able to bind via the reference as
web500-college2,o=College1.  So, is there some way to make College2 ask
College1 to do the authentication for web500-college2,o=College1 ???

Thanks a lot!
-- 

Chuck Schied
Harvey Mudd College
cschied@hmc.edu