On Feb 12, 2:24 pm, Curt Lundgren <[email protected]> wrote:
> I consider myself among the great unwashed masses, where LDAP is
> concerned.  We have a situation at work where there are two Email
> servers which can share authentication data via LDAP.  We have a

By "Email servers" I assume you mean email servers also running LDAP?

> separate service I'll call Fred that needs to look at both Email
> servers for authentication.  Fred can point to just one LDAP server.
> Oops.

Most LDAP clients can connect to multiple LDAP URIs but I think the
basedn must be the same (see man ldap.conf or 
http://linux.die.net/man/5/ldap.conf).

> What has been suggested is that we use an LDAP reflector, which will
> take the queries from Fred and send them to both Email servers.  One
> will respond, since we will be careful never to use the same account
> name on both servers.

An "LDAP reflector" is probably nothing but an intermediate LDAP
server with other LDAPs as backends. See the backends section and then
the backend database options of man slapd.conf or 
http://linux.die.net/man/5/slapd.conf.
Also look at man slapd-ldap and man slapd-meta
(http://linux.die.net/man/5/slapd-ldap and http://linux.die.net/man/5/slapd-meta).

In fact this is the way that we have set up our LDAP in our dept. to
communicate with the university LDAP, yet still maintain our own
namespace for people not in the university LDAP. Another reason for
this is that we don't have write access into the main LDAP, just a
read-only user that can authenticate.

HTH,
Sabuj Pattanayek
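As an added illustration of the "intermediate LDAP server with other LDAPs as backends" idea (this is example configuration, not something posted in the thread or shipped by either department), here is a minimal slapd.conf fragment using the slapd-meta backend. The hostnames, suffixes and proxy DN are constructed placeholders; the directives themselves (`database meta`, `uri`, `suffixmassage`, `idassert-bind`, `rebind-as-user`, `chase-referrals`) are documented in the slapd-meta(5) and slapd-ldap(5) man pages linked above.

```conf
# Added example, not from the original thread. Front two mail servers'
# directories with one slapd-meta instance so that "Fred" only needs one URI.
# mail1/mail2.example.com, the suffixes and the proxy DN are constructed.

include         /etc/openldap/schema/core.schema
pidfile         /var/run/slapd/slapd.pid

# The single namespace that Fred points at.
database        meta
suffix          "dc=example,dc=com"
rootdn          "cn=admin,dc=example,dc=com"

# Target 1: the first mail server. Its entries really live under o=mail1,c=US;
# suffixmassage rewrites them to appear under dc=mail1,dc=example,dc=com.
# Directives that follow a "uri" line apply to that target only.
uri             "ldap://mail1.example.com/dc=mail1,dc=example,dc=com"
suffixmassage   "dc=mail1,dc=example,dc=com" "o=mail1,c=US"
# Read-only identity used for searches when the client itself is anonymous
# (the "read-only user that can authenticate" pattern from the post above).
idassert-bind   bindmethod=simple
                binddn="cn=ro-proxy,o=mail1,c=US"
                credentials="placeholder-secret"
                mode=none

# Target 2: the second mail server, under its own subtree.
uri             "ldap://mail2.example.com/dc=mail2,dc=example,dc=com"
suffixmassage   "dc=mail2,dc=example,dc=com" "o=mail2,c=US"
idassert-bind   bindmethod=simple
                binddn="cn=ro-proxy,o=mail2,c=US"
                credentials="placeholder-secret"
                mode=none

# When a client binds as a user, forward that user's own credentials to the
# backend instead of the proxy identity, so the proxy holds no master password.
rebind-as-user  yes

# Do not follow referrals the targets hand back; the trust boundary stays here.
chase-referrals no
```

Because each mail server sits under its own subtree, a bind as `uid=alice,dc=mail1,dc=example,dc=com` is routed to mail1 only, while a search with base `dc=example,dc=com` fans out to both targets. The separate suffixes make the "never use the same account name on both servers" rule structural rather than a matter of discipline. The `credentials` value is stored in clear text, so slapd.conf should be readable only by the slapd user.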
