[Date Prev][Date Next] [Chronological] [Thread] [Top]

caching authentication proxy

To: openldap-software@openldap.org
Subject: caching authentication proxy
From: "pkoelle@gmail.com" <pkoelle@gmail.com>
Date: Fri, 18 May 2007 11:43:20 +0200
User-agent: Thunderbird 2.0.0.0 (Windows/20070326)

Hi list,

I need to replicate information from a remote LDAP server, however the target server populates the userPassword field with '*********' and stores credentials in a custom SASL backend to auth SASL binds and simple binds.

What I need is:

a) enable clients to do simple binds to my openldap server

b) the openldap server should continue to work when the network
   link/remote server is down.

The solution to point a) would be using back-ldap with rebind-as-user=yes as all identities exist on the remote server (no idassert necessary right?). Point b) seems trickier however. The proxycache overlay might provide some redundancy when the remote server is down but this is far from ideal since high values for cache ttl will prevent changes on the remote server to be visible. What I don't know is whether proxy-cache caches bind information. If it doesn't, this setup is a nogo ;(

Ideally, slapd would try to authenticate the client locally and if that fails ask the remote server and update the local entry on success. But this smells like it needs an overlay.

I apologize if the description is a bit vague, or my assumptions are wrong. I haven't explored all possibilities yet but would like to avoid errors early in the design.


thanks
 Paul

Prev by Date: Re: Problem with adding country attribute
Next by Date: Re: slurpd replication problem
Index(es):
- Chronological
- Thread