On Thursday, 15 April 2010 15:02:42 Ian Gillman wrote: > We have a situation where we have 2 OpenLDAP databases containing > usernames, passwords etc... for two distinct entities.
You don't say so explicitly, but it seems you mean you have 2 servers, each with a (different) database. > We would like to be > able to send an authentication request to one of the databases and have it > return yes or no based upon the information in both databases. > > In other words, database A (DBa) has user A's (Ua) credentials and database > B (DBb) has user B's (Ub) credentials. We would like to be able to talk to > either DBa or DBb and get back the user credentials and authentication for > both Ua and Ub. > > Is there some way I can set up OpenLDAP to be able to try and authenticate > a user request locally and then, if that fails, to authenticate the > request remotely without the requestor having to know about the remote > database? We do not want to replicate information between the databases. Have you looked at the meta backend? Specifically, the SCENARIOS section of slapd-meta(5). Regards, Buchan