No ideas? I tried to set up a single AD + local version with meta.
meta -> domain, com
ad, domain, com -> AD
ldap, domain, com -> localhost with configured with hdb

It doesn't seem to work though :/

Bests
Gidobo

On Mon, Jun 28, 2010 at 1:05 AM, Gidobo 69 <[email protected]> wrote:

> Hi,
>
> I plan to set up a meta directory. It looks like a normal one according to
> the openldap descriptions so I was surprised that I was unable to find any
> howto/faq/forum entry/mailing about it.
>
> Let me describe it:
>
> I have a heterogeneous system and want to have a common ldap system for it.
> Here is what I have now:
>
> Two AD domains
> An openldap db for a software with internal users.
>
> My aim:
> - To be able to authenticate a domain user from either AD.
> - To have non-AD users as well.
> - To have non-AD attributes for all three.
>
> So for authentication:
>
> If user is an AD user -> authenticate from appropriate DC
> If user is a non-AD one -> authenticate from openldap
>
> If I want non-AD attribute added to AD users as well.
> If an attribute doesn't exist for an AD user in openldap ask the
> appropriate DC.
>
> This way I could use AD users and their groups through openldap, have
> independent non-AD users and have attributes for all users in openldap local
> db regardless of authentication source.
>
> Have I missed something and this is too 'exotic'?
>
>
> Example:
> ad1.company.com -> AD1 users, authenticates from DC1
> ad2.company.com -> AD2 users, authenticates from DC2
> ldap.company.com -> 'other' users, authenticates from openldap local db
>
> Attributes mapped. If user is an AD one and attribute doesn't exist in
> local DB, proxy the query to AD.
>
> Thanks in advance
> Gidobo
