[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Redirect bind requests to another server

To: "Simon Maier" <simon.maier@uni-konstanz.de>
Subject: Re: Redirect bind requests to another server
From: "Gavin Henry" <ghenry@suretecsystems.com>
Date: Thu, 29 Mar 2007 17:26:48 +0100 (BST)
Cc: Andreas Merkel <andreas.merkel@uni-konstanz.de>, openldap-software@openldap.org
Importance: Normal
In-reply-to: <1175175831.460bc297a06d5@webmail.uni-konstanz.de>
References: <1175175831.460bc297a06d5@webmail.uni-konstanz.de>
User-agent: SquirrelMail/1.4.9a-1

<quote who="Simon Maier">
>
> Hi,
>
> I have a question about a special LDAP setup, we want to implement at
> the university computing centre. The story as it's intended to be:
>
> We're running a groupware application (openxchange), which uses a LDAP
> server (openldap 2.2.23 on Suse 9.3) to authenticate its users (mainly
> members of the computing centre) and to store contacts, group
> memberships of the users and some of the user settings. This server
> runs on the same machine as the groupware itself.
>
> There is another LDAP server (i don't know the version used there), that
> holds the centralized password and account name of all users at the
> university for various authentication purposes. This server only
> accepts bind requests.
>
> The goal is to authenticate the users against the central LDAP server
> but to store the settings etc. on the local server. There is one
> additional problem, the naming contexts on the servers do not match
> each other. To give you a basic idea I reproduced this with "generic"
> names:
>
> central: cn=user.account,ou=peopl,o=my organisation,c=acountry
> local:uid=user.account,ou=Users,ou=OxObjects,dc=my,dc=groupware,dc=server,dc=acountry
>
> Is there a way to accomplish this?

See:

slapo-rwm - rewrite/remap overlay
slapd-ldap - LDAP backend to slapd

man slapo-rwm
man slapd-ldap

slapo-rwm can be used to rewrite/map the naming contexts, and slapd-ldap
can be used to authenticate local users to the remote Directory.

>
> If this is a RTFM question, please excuse me asking, but I'm not very
> familiar with openldap
>
> By the way, we're planing to upgrade the server to a later version of
> the operating system, so answers for openldap 2.3.27 would be helpful
> too.

Best get the latest versions. Grab Buchans RPMs from:

http://anorien.csc.warwick.ac.uk/mirrors/buchan/openldap/SRPMS/

>
> regards
>
> Simon
>

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Follow-Ups:
- Re: Redirect bind requests to another server
  - From: Simon Maier <Simon.Maier@uni-konstanz.de>

References:
- Redirect bind requests to another server
  - From: Simon Maier <simon.maier@uni-konstanz.de>

Prev by Date: Re: Redirect bind requests to another server
Next by Date: Re: Redirect bind requests to another server
Index(es):
- Chronological
- Thread