Hi,

I plan to set up a meta directory. It looks like a normal one according to
the openldap descriptions so I was surprised that I was unable to find any
howto/faq/forum entry/mailing about it.

Let me describe it:

I have a heterogeneous system and want to have a common ldap system for it.
Here is what I have now:

Two AD domains
An openldap db for a software with internal users.

My aim:
 - To be able to authenticate a domain user from either AD.
 - To have non-AD users as well.
 - To have non-AD attributes for all three.

So for authentication:

 If user is an AD user -> authenticate from appropriate DC
 If user is a non-AD one -> authenticate from openldap

 I want non-AD attributes added to AD users as well.
 If an attribute doesn't exist for an AD user in openldap, ask the
appropriate DC.

This way I could use AD users and their groups through openldap, have
independent non-AD users and have attributes for all users in the openldap local
db regardless of authentication source.

Have I missed something and this is too 'exotic'?


Example:
ad1.company.com -> AD1 users, authenticates from DC1
ad2.company.com -> AD2 users, authenticates from DC2
ldap.company.com -> 'other' users, authenticates from openldap local db

Attributes mapped. If the user is an AD one and the attribute doesn't exist in the
local DB, proxy the query to AD.

Thanks in advance
Gidobo
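One way to lay out the setup described in the post, added here as an illustration (it is not part of the original message and not a configuration shipped by the OpenLDAP project): back-meta alone can fan a search out to several remote servers, but it cannot store extra attributes for the proxied entries. The combination that matches the three aims is glue ("subordinate" databases under one root suffix) plus slapo-translucent: each AD domain gets a small local mdb database that holds only the non-AD attributes, the overlay merges them with the entry fetched from that domain's DC and forwards binds to the DC, while local-only users live in a plain mdb database. The AD naming contexts for ad1.company.com and ad2.company.com are dc=ad1,dc=company,dc=com and dc=ad2,dc=company,dc=com, so no DN rewriting is needed. Host names, directory paths, the service account DNs and password, and the attribute lists below are assumptions; directive semantics are those documented in slapd.conf(5), slapd-ldap(5) and slapo-translucent(5) and should be checked against the installed version.

```conf
# Added example slapd.conf sketch; all host names, DNs, paths and the
# service-account password are placeholders, not values from the post.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

# ---- AD1: dc=ad1,dc=company,dc=com ------------------------------------------
# Local mdb holds ONLY the extra, non-AD attributes for AD1 users.  The
# translucent overlay merges them with the entry read from DC1 and forwards
# binds to DC1, so AD1 users always authenticate against their own DC.
database        mdb
suffix          "dc=ad1,dc=company,dc=com"
rootdn          "cn=admin,dc=ad1,dc=company,dc=com"
directory       /var/lib/ldap/ad1
subordinate                     # glued under dc=company,dc=com (defined last)

overlay         translucent
# back-ldap directives configure the remote side of the overlay.
# ldaps:// so user passwords forwarded at bind time never cross the wire in
# clear; make sure slapd verifies the DC certificate (system ldap.conf TLS_CACERT).
uri             "ldaps://dc1.ad1.company.com/"
# AD rejects anonymous searches: lookups are done as a read-only service
# account.  The password sits in this file, so keep it readable by root only.
idassert-bind   bindmethod=simple
                binddn="cn=svc-ldapproxy,cn=Users,dc=ad1,dc=company,dc=com"
                credentials="REPLACE_WITH_SERVICE_PASSWORD"
                mode=none
idassert-authzFrom "dn.regex:.*"
# filters on these attributes are evaluated against the local database
translucent_local   mailAlternateAddress,description
# filters on these attributes are sent to AD (binds go to AD regardless)
translucent_remote  sAMAccountName,memberOf,userPrincipalName

# ---- AD2: dc=ad2,dc=company,dc=com, same pattern against DC2 ----------------
database        mdb
suffix          "dc=ad2,dc=company,dc=com"
rootdn          "cn=admin,dc=ad2,dc=company,dc=com"
directory       /var/lib/ldap/ad2
subordinate

overlay         translucent
uri             "ldaps://dc2.ad2.company.com/"
idassert-bind   bindmethod=simple
                binddn="cn=svc-ldapproxy,cn=Users,dc=ad2,dc=company,dc=com"
                credentials="REPLACE_WITH_SERVICE_PASSWORD"
                mode=none
idassert-authzFrom "dn.regex:.*"
translucent_local   mailAlternateAddress,description
translucent_remote  sAMAccountName,memberOf,userPrincipalName

# ---- local-only users: dc=ldap,dc=company,dc=com -----------------------------
# Ordinary mdb database; binds are checked against the local userPassword.
database        mdb
suffix          "dc=ldap,dc=company,dc=com"
rootdn          "cn=admin,dc=ldap,dc=company,dc=com"
directory       /var/lib/ldap/local
subordinate
index           uid eq
# password hashes are never readable, only usable for authentication
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read

# ---- glue root: dc=company,dc=com ----------------------------------------------
# Must be defined AFTER its subordinates.  A subtree search with this base is
# fanned out to all three databases, so applications need a single base DN.
database        mdb
suffix          "dc=company,dc=com"
rootdn          "cn=admin,dc=company,dc=com"
directory       /var/lib/ldap/root
```

Two consequences worth checking before relying on this: the per-domain local databases store attributes keyed by the AD entry's DN, so an account moved between OUs in AD silently loses its local attributes unless they are moved too; and because the DCs are reachable through slapd as a service account, the proxy host itself becomes a credential holder and should be protected and monitored like a DC client (restrict who may bind to it, log its binds, and rotate the service password).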
