remote authentication
So, I've searched archives, FAQs, etc. and haven't found anything about
this. I want to know if it is possible to bind (with a password) to one
LDAP server as a DN that is not in that server's database:

I have a database w/ suffix 'o=College1,c=US' and a second w/ suffix
'o=College2,c=US'. Then, in College1's database, I have a DN
'cn=web500-college2,o=College1,c=US' and it has a userpassword attribute
associated with it. In College2's slapd.conf file, I have an ACL that
says

    access to dn=".*o=College2,c=US$"
        by dn="^web500-college2,o=College1,c=US$" read

I also have a reference to College2 in College1's database. So, when I
search College1 (specifically via web500gw, but it does the same thing
regardless of which client I use) it searches both colleges. However, it
won't return anything from College2's database (the ACL above is the only
one that I am using for College2, except for defaultaccess none and

    access to attr=userpassword
        by self write
        by * none

).

Since web500-college2 doesn't exist in College2's database, it seems to
make sense that I wouldn't be able to bind via the reference as
web500-college2,o=College1. So, is there some way to make College2 ask
College1 to do the authentication for web500-college2,o=College1 ???

Thanks a lot!
--
Chuck Schied
Harvey Mudd College
cschied@hmc.edu