Re: Backend authentication
>I have read-only access to a "master" LDAP server, but don't have the
>authority to create objects or extend the schema of the LDAP server. I plan
>to set up my own local LDAP server (OpenLDAP 2.1.22). However, I would like
>to utilize the "master" server for authentication purposes so that when
>users change their "master" password they can still log into my local LDAP
>server.
>Is this possible?
>Ideally I would prefer to set up a "shadow" system: if an object has a value
>in the local server then use that, otherwise lookup the value in the
>"master" server. Again, is this possible?
I haven't tried it, but can you create a back-ldap entry that points to the
"master" and a back-bdb that is 'subordinate'?
# local database for the local entries
database bdb
suffix "ou=HooHa,ou=...,dc=nakedgeeks,dc=ru"
directory /var/lib/ldap
...
subordinate

# back-ldap proxy pointing at the "master" server
database ldap
lastmod off
uri "ldap://master"
rebind-as-user
Would that work?
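
A small check for the glue layout discussed in this thread, as an added example that is not part of the original message or of OpenLDAP: it parses slapd.conf text and reports a database with no suffix, a subordinate with no superior suffix, or a subordinate listed after its superior. The example.com names, the sample configuration and the function names are assumptions made for the illustration.

```python
import shlex

def normalize(dn):  # simplification: escaped commas in RDN values are not handled
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

def is_inside(inner, outer):  # True when DN `inner` lies strictly below `outer`
    return len(inner) > len(outer) and inner[-len(outer):] == outer

def parse_databases(text):
    """Collect each database section; blank, '#' and continuation lines are skipped."""
    dbs = []
    for raw in text.splitlines():
        if not raw.strip() or raw[0].isspace() or raw.startswith("#"):
            continue
        words = shlex.split(raw)
        key, arg = words[0].lower(), (words[1] if len(words) > 1 else "")
        if key == "database":
            dbs.append({"type": arg, "suffixes": [], "subordinate": False})
        elif dbs and key == "suffix":
            dbs[-1]["suffixes"].append(normalize(arg))
        elif dbs and key == "subordinate":
            dbs[-1]["subordinate"] = True
    return dbs

def check_glue(dbs):  # returns the problems found in the suffix/subordinate layout
    problems = []
    for i, db in enumerate(dbs):
        label = f"database #{i + 1} ({db['type']})"
        if not db["suffixes"]:
            problems.append(f"{label}: no suffix")
        elif db["subordinate"]:
            inner = db["suffixes"][0]
            above = [j for j, o in enumerate(dbs)
                     if any(is_inside(inner, s) for s in o["suffixes"])]
            if not above:
                problems.append(f"{label}: subordinate, but no superior suffix found")
            elif min(above) < i:  # slapd.conf(5): the inner suffix must come first
                problems.append(f"{label}: listed after its superior database")
    return problems

# Constructed sample input; the example.com names are placeholders.
GOOD = '''database bdb
suffix "ou=local,dc=example,dc=com"
subordinate
database ldap
suffix "dc=example,dc=com"
uri "ldap://master.example.com"'''
BAD = GOOD.replace('suffix "dc=example,dc=com"\n', "")  # superior loses its suffix
print(check_glue(parse_databases(BAD)))
```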