Hi. I'm new to this list, but risk diving right in with a question:
I am wondering whether the following scenario is possible to implement using
OpenLDAP:
We are a sub-organization within a larger organization and want to perform
authentication against the central LDAP server yet augment query results with
attributes from the DIT of our own LDAP server. In effect, providing a
virtual DIT hiding the details of which attributes come from where to the
applications using it.
It is not just a matter of delegation, more of a selective merge of the
attributes available in the 2 DITs. An example:
Central DIT:
  cn: someone
  userPassword: something
  mail: [EMAIL PROTECTED]
  irrelevantAttribute: whatever

Our DIT:
  uid: someone
  inProjects: someProject, someOtherProject

Virtual DIT (auth'ed against Central DIT):
  uid: someone
  mail: [EMAIL PROTECTED]
  inProjects: someProject, someOtherProject
Commercial products such as the Symlabs Directory Extender promise such
capabilities but I'd like to stick with an open solution if at all possible. I
guess it might possibly be implemented in a custom back_perl handler, but is it
possible to achieve using e.g. back_meta or some other "native" OpenLDAP
configuration?
Thanks in advance,
/\/\\ads Troest