
Re: Bind using credentials from another directory server



Emmanuel Dreyfus wrote:
François Beretti <francois.beretti@gmail.com> wrote:

Does OpenLDAP provide a way to authenticate on it using a DN / pwd of
another LDAP server? I have read the manual page about the LDAP and META
backends, but I did not find if it matches my will.

At the end I would like to authenticate on OpenLDAP with a DN/pwd of another
directory (or maybe SASL credentials?), and access (probably only through
OpenLDAP) the data of both OpenLDAP and the other directory server.

I can customize the OpenLDAP server (in fact: our server), and not the other
server (the customer server).

Some time ago, I wrote a custom LDAP backend for hijacking authentication. My goal was to redirect it to a RADIUS server, but you could modify my code to authenticate against anything else.

For the specific case of RADIUS, a full backend is not needed. If your users already have LDAP entries, you can set their userpassword to use the {RADIUS} scheme which will cause a RADIUS server to be used for Simple Bind authentication. That code is in the contrib/slapd-modules/passwd directory in HEAD and will also be in 2.4.

Here it is: http://ftp.espci.fr/pub/ldap2radius/

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
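
Added example, not part of the original thread and not OpenLDAP's code: a Python sketch of how a scheme-prefixed userPassword value can route a Simple Bind either to a local salted-hash check or to an external authenticator, as the {RADIUS} scheme described above does. The external_auth callback and the reading of the text after {RADIUS} as the remote user name are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# "{SCHEME}rest" prefix convention used for userPassword values.
_SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a salted-SHA1 value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def _check_ssha(stored: str, password: bytes) -> bool:
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:         # 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def check_bind(user_password: str, presented: bytes, external_auth) -> bool:
    """Verify a Simple Bind password against one userPassword value.

    external_auth(username, password) -> bool is a hypothetical stand-in
    for the RADIUS exchange; this sketch does not speak RADIUS itself.
    """
    if not presented:          # empty password would be an unauthenticated bind
        return False
    m = _SCHEME_RE.match(user_password)
    if m is None:              # no scheme prefix: refuse rather than guess
        return False
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "SSHA":       # verified locally against the stored hash
        return _check_ssha(rest, presented)
    if scheme == "RADIUS":     # assumption: text after the prefix is the remote user name
        return bool(rest) and bool(external_auth(rest, presented))
    return False               # unknown scheme: fail closed
```

With a delegated scheme the directory entry holds no password material at all, so the bind result is only as trustworthy as the channel to the external server.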