> Now I am thinking how to enable delegation to multiple LDAP servers and how
> to map users to these servers. Then how do you make users in ApacheDS to
> another principalDn in the external server?
MyVirtualDirectory handles this as part of the joiner system. When a user binds to the virtual directory the joiner system loads the entry and determines all of the 'DN's the user is joined with and attempts a bind on each one. If any succeed the overall bind succeeds. If all the attempts fail the overall bind fails.

For instance a user binds with the DN

uid=tuser,ou=users,dc=domain,dc=com

This user maps to the remote directory entry

uid=tuser,ou=users,c=mycompany,c=us

and is joined to the AD entry

cn=Test User,cn=Users,dc=domain,dc=com

The joiner will attempt an internal bind for both

uid=tuser,ou=users,c=mycompany,c=us
cn=Test User,cn=Users,dc=domain,dc=com

internally returning success if either succeeds.

I don't know if you want to implement a full joiner subsystem but there's one way to implement it.

Marc
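The bind fan-out described in the message above, modelled as an added example that is not part of the original post and is not MyVirtualDirectory or ApacheDS code. The `Backend` and `Joiner` classes, the in-memory password tables and the passwords are constructed for illustration; the empty-password guard is an addition, assuming a backend that accepts unauthenticated simple binds.

```python
from dataclasses import dataclass, field


@dataclass
class Backend:
    """Hypothetical stand-in for a remote directory (no network involved)."""
    name: str
    passwords: dict                       # DN -> password, constructed sample data
    attempts: list = field(default_factory=list)

    def bind(self, dn, password):
        self.attempts.append(dn)
        # Some servers treat a simple bind with a DN and an empty password as
        # an unauthenticated bind and return success (RFC 4513, section 5.1.2).
        if password == "":
            return True
        return self.passwords.get(dn) == password


class Joiner:
    """Maps one virtual DN to the (backend, DN) pairs it is joined with."""

    def __init__(self, joins):
        # DN matching is reduced to lower-casing here (a simplification).
        self.joins = {dn.lower(): targets for dn, targets in joins.items()}

    def bind(self, virtual_dn, password):
        # Without this guard an empty password would "succeed" on any
        # backend that accepts unauthenticated binds.
        if not password:
            return False
        targets = self.joins.get(virtual_dn.lower(), [])
        # Attempt a bind on every joined entry; any success is overall success.
        results = [backend.bind(dn, password) for backend, dn in targets]
        return any(results)


def build_demo():
    """Wire up the three DNs from the message with constructed passwords."""
    remote = Backend("remote", {"uid=tuser,ou=users,c=mycompany,c=us": "remote-secret"})
    ad = Backend("ad", {"cn=Test User,cn=Users,dc=domain,dc=com": "ad-secret"})
    joiner = Joiner({"uid=tuser,ou=users,dc=domain,dc=com": [
        (remote, "uid=tuser,ou=users,c=mycompany,c=us"),
        (ad, "cn=Test User,cn=Users,dc=domain,dc=com"),
    ]})
    return joiner, remote, ad
```

In this model one wrong password produces a failed bind on every joined entry, so bad-password counters or lockout policies on each backend advance together.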
