
Re: LDAP proxy with local database



On Wednesday, 30 June 2010, 12:14:05, Tunguskin Petr wrote:
> Hello.
> 
> I have one program which can authenticate with LDAP server and Active
> Directory with read access. I need to authenticate extra users, but I
> can't add them to Active Directory for security reasons. Program can
> work with only one LDAP source.
> 
> I have tried to use openldap chain overlay to join local and remote
> LDAP databases with referrals. Search works fine, but bind operation
> doesn't work, openldap writes error: <= bdb_dn2id: get failed:
> DB_NOTFOUND: No matching key/data pair found (-30989)
> 
> Is it possible to bind to remote LDAP records with chain overlay?
> 
> ------------------------------------------
> database        bdb
> suffix          "dc=local"
> rootdn          "cn=ldapadmin,dc=local"
> rootpw          12345678
> 
> directory       /var/lib/ldap
> 
> overlay                 chain
> chain-uri               "ldap://10.1.1.1/"
> chain-rebind-as-user    TRUE
> chain-cache-uri         true
> chain-chaining          resolve=chainingRequired continuation=chainingRequired
> chain-idassert-bind     bindmethod="simple"
>                         binddn="cn=ldapuser,cn=Users,dc=test,dc=local"
>                         credentials="123"
>                         mode="none"
> ----------------------------------------
> 
> Could you recommend another solution?

Set up a proxy database (using the "ldap" backend) and glue it with your 
local bdb database using the "subordinate" keyword in slapd.conf. (See 
the slapd.conf(5) man-page.)

-- 
Ralf
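
A slapd.conf layout for the approach described in the reply above, added here as an illustration; it is not configuration posted by anyone in the thread. It assumes the Active Directory tree is dc=test,dc=local (inferred from the binddn in the quoted configuration) and uses a placeholder for the root password.

```conf
# Added example (OpenLDAP 2.4 slapd.conf syntax), not from the thread.
# Assumption: the remote AD naming context is dc=test,dc=local.

# --- Proxy database: forwards operations under dc=test,dc=local to AD ---
# A database whose suffix lies inside another database's suffix must be
# defined first in the file (see slapd.conf(5)).
database        ldap
suffix          "dc=test,dc=local"
# Glue this database beneath the database holding the parent suffix, so a
# search based at dc=local also covers the proxied subtree.
subordinate
uri             "ldap://10.1.1.1/"
# Carried over from the chain-rebind-as-user setting in the quoted config.
rebind-as-user  yes
# A bind with a DN under dc=test,dc=local is passed to 10.1.1.1 together
# with the user's password. Over plain ldap:// that hop is cleartext;
# slapd-ldap(5) documents the "tls" directive and ldaps:// URIs for it.

# --- Local database: holds the extra users that must stay out of AD ---
database        bdb
suffix          "dc=local"
rootdn          "cn=ldapadmin,dc=local"
# Placeholder: store a hash produced by slappasswd, not a cleartext password.
rootpw          <HASH-FROM-SLAPPASSWD>
directory       /var/lib/ldap
# The chain overlay from the quoted configuration is not used here.
```

With this layout the application still talks to a single LDAP server: binds for DNs under dc=local are checked against the bdb database, and binds for DNs under dc=test,dc=local are forwarded by the ldap backend.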