I am seeking a solution to be able to bind to, and search more than one tree and server per request using Linux. My goal is to maintain separate groups of user accounts on an OpenLDAP server -- e.g. local and network. The groups of users can have overlapping posixAccount uid attributes, but will have unique uidNumber attributes. My main use case is authentication, which requires checking a remote LDAP server first -- currently AD which requires attribute re-mapping), then network tree on the local LDAP (openldap) if not in remote server, then the local tree on local server if not in the first tree. I have tried referrals and rewrites, but nothing I've tried worked. It looks like the creation of a custom overlay will work, but I'd rather not go down that path. I have also tried using PAM, but pam_ldap is limited to one configuration per service (modifying pam_ldap is an option at this point).
Thanks,
Craig