Andrew Findlay <[EMAIL PROTECTED]> writes: > On Wed, May 14, 2008 at 10:49:02AM +0200, Dieter Kluenter wrote: > >> Just to make sure, there are two directories, one that provides >> information on authentication and authorization, the second directory >> provides some additional iformation. If that is your request, than you >> may have a look at the translucent overlay. > > That would depend on whether the two servers had identical namespaces > (tree layout, choice of RDN etc). > > I have a similar requirement at the moment except that I only want to > use the second LDAP server to authenticate for a small proportion of the > entries in the first one. The namespaces are very different. I think > it can be done with a combination of rwm, back-ldap/back-meta and > slapd-relay, but this seems rather complex when all I really need is > 'pass-through authentication'. > > I will report back to the list if I come up with a workable solution, > but in the mean time does anyone have any pointers to a neat way of > doing this?
I have done similar with back-sql database sql suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" ... database relay suffix "ou=sql-user,o=avci,c=de" relay dc=example,dc=com overlay rwm rwm-rewriteEngine on rwm-rewriteMap <rules> subordinate database hdb suffix "o=avci,c=de" rootdn "cn=admin,o=avci,c=de" ... -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6
