Re: Redirect bind requests to another server

[Howard Chu <hyc@symas.com>]

Dieter Kluenter wrote:
> Andreas Moroder<andreas.moroder@sb-brixen.it>  writes:
>
> > Hello,
> >
> > we have a web application that autenticates via openldap. Now a second
> > hospital should use this same application, but they have their own
> > autentication server, active directory in this case.
> >
> > In our network the users authenticate giving their username ( amoroder
> > in my case ) and password. Is it possible to configure openldap to
> > redirect the bind request to the remote server when the username
> > contains an extension like jsmith@remote ? Does this work with AD as
> > second/remote authentication server ?
>
> What you are requesting is some sort of X.500 DAP services plus the
> service of a virtual directory. This could partly be achieved with
> OpenLDAP,

It can be entirely achieved with OpenLDAP. Using the rewrite overlay to map 
usernames, you can then relay the requests to either a local DB or back-ldap.

> it would be easier to put a virtual directory in front of
> OpenLDAP and AD and have all users to authenticate against the virtual
> directory[1].

OpenLDAP is already capable of acting as a virtual directory....
> -Dieter
>
>
> Footnotes:
> [1]  http://penrose.safehaus.org/Home

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/