[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticating with multiple databases

To: openldap-software@openldap.org
Subject: Re: Authenticating with multiple databases
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Fri, 16 Apr 2010 09:36:21 +0100
Cc: Ian Gillman <ian.gillman@monroeclinic.org>
In-reply-to: <1114550919.6979911271340162740.JavaMail.root@zimbra1.monroeclinic.org>
References: <1114550919.6979911271340162740.JavaMail.root@zimbra1.monroeclinic.org>
User-agent: KMail/1.12.4 (Linux/2.6.31.12-desktop-3mnb; KDE/4.3.5; x86_64; ; )

On Thursday, 15 April 2010 15:02:42 Ian Gillman wrote:
> We have a situation where we have 2 OpenLDAP databases containing
>  usernames, passwords etc... for two distinct entities.

You don't say so explicitly, but it seems you mean you have 2 servers, each 
with a (different) database.

>  We would like to be
>  able to send an authentication request to one of the databases and have it
>  return yes or no based upon the information in both databases.
> 
> In other words, database A (DBa) has user A's (Ua) credentials and database
>  B (DBb) has user B's (Ub) credentials. We would like to be able to talk to
>  either DBa or DBb and get back the user credentials and authentication for
>  both Ua and Ub.
> 
> Is there some way I can set up OpenLDAP to be able to try and authenticate
>  a user request locally and then, if that fails, to authenticate the
>  request remotely without the requestor having to know about the remote
>  database? We do not want to replicate information between the databases.

Have you looked at the meta backend? Specifically, the SCENARIOS section of 
slapd-meta(5).

Regards,
Buchan

References:
- Authenticating with multiple databases
  - From: Ian Gillman <ian.gillman@monroeclinic.org>

Prev by Date: Re: any benefit to skipping unused schema files?
Next by Date: Re: OpenLDAP ACLs Question
Index(es):
- Chronological
- Thread