[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Backend authentication

To: Simon Oliver <s.oliver@umist.ac.uk>
Subject: Re: Backend authentication
From: Adam Williams <awilliam@whitemice.org>
Date: Mon, 12 Jan 2004 11:56:58 -0500 (EST)
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <002b01c3d928$2584df50$a06e5882@bi.umist.ac.uk>

>I have read-only access to a "master" LDAP server, but don't have the
>authority to create objects or extend the schema of the LDAP server.  I plan
>to setup my own local LDAP server (OpenLDAP 2.1.22).  However, I would like
>to utilize the "master" server for authentication purposes so that when
>users change their "master" password they can still log into my local LDAP
>server.
>Is this possible?
>Ideally I would prefer to setup a "shadow" system: if an object has a value
>in the local server then use that, otherwise lookup the value in the
>"master" server.  Again, is this possible?

I haven't tried it but can you create a back-ldap entry that points to the 
"master" and a back-bdb that this 'subordinate'.


database bdb
suffice  "ou=HooHa,ou=...,dc=nakedgeeks,dc=ru"
directory /var/lib/ldap
...
subordinate

databse ldap
lastmod off
user    "ldap://master";
rebind-as-user

Would that work?

References:
- Backend authentication
  - From: "Simon Oliver" <s.oliver@umist.ac.uk>

Prev by Date: RE: trouble configure TLS in LDAP
Next by Date: RE: Backend authentication
Index(es):
- Chronological
- Thread