the best and the shortest way ?
Hi everyone,
I'm stopped with technical stuff tryin' to deploy a specific backend meta.
(see here :
http://www.openldap.org/lists/openldap-software/200701/msg00190.html
and here :
http://www.openldap.org/lists/openldap-software/200701/msg00272.html )
So I will try to explain what I want, and maybe what I'm tryin' to do
is not the best way :)
The background :
1) there is a general openldap directory existing D1, on which I just
have a system account to read its data
--> no anonymous bind permitted to access the data, I need to call
ldapsearch this way to retrieve any results :
ldapsearch -x -D "cn=toto,ou=system,dc=univ-paris7,dc=fr" -w xxxx -H ldaps://ldap.univ-paris.fr -b "ou=people,dc=univ-paris7,dc=fr" cn mail -LLL
2) the fact is that I need authentication data on people who are not in
that directory D1, so I have to build my own ldap directory D2; and I
don't want any data redundancy between D1 and D2
--> D1 (union) D2 = empty set
3) to have a unique way to get authentication in Apache for example, in
order that people from D1 AND D2 can access, I've been thinkin' that the
best solution was to deploy an openldap meta backend D3 that would
transmit the authentication requests both to D1 and D2.
--> D1 and D2 are D3's targets.
Is this the simplest way ? are there any solutions to implement that ?
The technical stuff
See the previous posts to see what stops me. Directories with anonymous
binds don't have any problems being targeted, but as soon as
authentication is needed, access is refused whenever I give a dn to
authenticate ...
Thanks,
--
Julien Oix
UFR d'Informatique - Université Paris Diderot
Bureau 5C01 (5ème étage)
175 rue du Chevaleret
75013 PARIS
Tel : +33 (0) 144 278 504
Mobile : +33 (0) 664 392 207
---------------------------------------------
http://www.gnu.org/philosophy/no-word-attachments.html