Re: Can openldap do fan-out authentication?



Gary Mills <mills@cc.UManitoba.CA> writes:

> On Sun, Feb 08, 2004 at 04:38:15PM -0500, Adam Williams wrote:
[...]
> That sounds like exactly what I want.  How do you set the search order?
> We have a lot of data overlap between trees, and would like to search
> the most likely one first.
>
> Has anyone actually used back-meta for this purpose?  I'm still looking
> for a nice example.

This is a simple example, which would allow you to retrieve all
attributes.

####################
# Meta Directory   #
####################

database meta
suffix dc=AVCI,dc=ORG
dncache-ttl 600
rootdn cn=director,dc=AVCI,dc=ORG
rootpw {SSHA}xxxx
rebind-as-user
#################
# the 1st server#
#################
uri ldap://marin.avci.de:9009/ou=users,dc=AVCI,dc=ORG
suffixmassage "ou=USERS,dc=AVCI,dc=ORG" "ou=users,o=avci,c=de"
pseudorootdn cn=admin,o=avci,c=de
pseudorootpw {SSHA}xxxxx
lastmod off
rewriteEngine on

##################
# the 2nd server #
##################
uri ldap://samba.avci.de/dc=AVCI,dc=ORG
lastmod off
pseudorootdn cn=admin,o=flake,c=se
pseudorootpw {SSHA}xxxx
rewriteEngine on
rewriteContext default
rewriteRule "(.*)dc=AVCI,dc=ORG" "%1o=flake,c=se"
rewriteContext searchResult
rewriteRule "(.*)o=flake,[ ]?c=se" "%1dc=AVCI,dc=ORG"
rewriteContext searchFilter
rewriteRule "(.*)cn=([^)]+),dc=AVCI,[ ]?dc=ORG(.*)" "%1cn=%2,o=flake,c=se%3"

-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
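
Added example (not part of the message above and not OpenLDAP code): a Python model of the second target's rewrite rules. It shows that "(.*)" already captures the comma in front of the suffix, so a searchResult substitution that adds its own comma after %1 produces an empty RDN. The sample DN, the sample filter and the modelled match semantics are assumptions.

```python
import re

# Patterns taken from the second target's rewrite rules in the message above.
TO_REMOTE = (r"(.*)dc=AVCI,dc=ORG", "%1o=flake,c=se")              # default
FILTER = (r"(.*)cn=([^)]+),dc=AVCI,[ ]?dc=ORG(.*)",
          "%1cn=%2,o=flake,c=se%3")                                # searchFilter
RESULT_PATTERN = r"(.*)o=flake,[ ]?c=se"                           # searchResult
RESULT_EXTRA_COMMA = "%1,dc=AVCI,dc=ORG"   # separator repeated after %1
RESULT_PLAIN = "%1dc=AVCI,dc=ORG"          # relies on the comma inside %1


def rewrite(rule, text):
    """Model of one rewriteRule (assumed semantics): on a match the result is
    the substitution with %N replaced by group N; otherwise text is unchanged.
    Matching ignores case, the rewrite engine's default without the C flag."""
    pattern, subst = rule
    m = re.search(pattern, text, re.IGNORECASE)
    if m is None:
        return text
    return re.sub(r"%(\d)", lambda ref: m.group(int(ref.group(1))), subst)


def has_empty_rdn(dn):
    """True if the DN contains an empty component such as 'a=b,,c=d'.
    Escaped commas are not handled; the constructed samples have none."""
    return any(not part.strip() for part in dn.split(","))


def round_trip(virtual_dn, result_subst):
    """Map a DN to the remote naming context and back again."""
    remote = rewrite(TO_REMOTE, virtual_dn)
    return remote, rewrite((RESULT_PATTERN, result_subst), remote)


if __name__ == "__main__":
    dn = "uid=jdoe,ou=people,dc=AVCI,dc=ORG"          # constructed sample DN
    for subst in (RESULT_EXTRA_COMMA, RESULT_PLAIN):
        remote, back = round_trip(dn, subst)
        print(subst, "->", back, "| empty RDN:", has_empty_rdn(back))
    # constructed sample filter carrying a DN-valued assertion
    print(rewrite(FILTER, "(member=cn=staff,dc=AVCI,dc=ORG)"))
```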